Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 885 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

prevent users change anything

Murat Pektas

hi i searched this problem on forum and i found a sloution that end user should be member of local users or domain user. otherwise user can change firewall policy or something on endpoint even if tamper was enabled. if i also add user which is member of administrators group to sophosusers group then user cant change anything on endpoint. but this is not easy solution. how can i prevent admins to not change antyting on endpoint.

 



This thread was automatically locked due to age.
Parents
  • 0

    Hello Murat Pektas,

    I can't say if TP also applies to the firewall - some older threads suggest it doesn't.
    Users that are not members of SophosAdministrator shouldn't be able to change something (with, AFAIK, the exception of some SCF settings). TP restricts the UI and uninstall for a SophosAdministrator,  Enhanced Tamper Protection prevents changes to the system (Sophos services, registry keys, and files) by an admin but as said, I can't say if it also covers SCF.

    Christian

Reply
  • 0

    Hello Murat Pektas,

    I can't say if TP also applies to the firewall - some older threads suggest it doesn't.
    Users that are not members of SophosAdministrator shouldn't be able to change something (with, AFAIK, the exception of some SCF settings). TP restricts the UI and uninstall for a SophosAdministrator,  Enhanced Tamper Protection prevents changes to the system (Sophos services, registry keys, and files) by an admin but as said, I can't say if it also covers SCF.

    Christian

Children
No Data
Unfiltered HTML