Protected/Un-protected Clients in Sophos Enterprise Console

Hi all,

Would there be any reason why a client would be protected and then after a while greyed out as shown in the attached?

Kind regards, Dan Petford

  • Hello Dan Petford,

    it was protected managed (i.e. appeared with black text and a green overlay on the computer icon) and then reverted to an unmanaged state?
    Are you perhaps using AD sync? If so, is there a computer with the same name in the Unassigned group? 

    Christian

  • In reply to QC:

    Yes that is correct.

    We are using AD Sync, however there isn't a duplicate with the same name?

    Kind regards, Dan

  • In reply to Dan Petford:

    Hello Dan,

    "there isn't a duplicate"
    nowhere? Usually but not necessarily it's Unassigned where an AD-duplicated computer jumps to.
    A protected, managed computer should always be visible (either connected or disconnected) in the console. If you delete it, it will reappear when it sends the next message. So it has to be somewhere. AD sync imports computer objects from AD considering name, domain, description, OS (version and SP), and naturally the container. These values are compared to those of known (i.e. already listed) computers. In case of a match the computer is moved to the appropriate group; if no match is found for the AD object, a computer stub is added to the group. If a computer is found in a synchronized group that has no matching AD object, it is moved to Unassigned. Certain workflows can confuse SEC.

    Could you describe the workflow? Was it first in AD (by whatever means it got there), synced (as unmanaged), installed, appeared as managed, and then "reverted" with the next sync? 

    Christian

  • In reply to QC:

    It is first in AD, synced as Unmanaged, installed, appeared as managed, then after a while greyed out.

  • In reply to Dan Petford:

    Hello Dan,

    so it has been joined to the domain before Sophos has been installed, correct?
    Please check the mentioned attributes whether they are identical in AD ... hold it! You need to compare the managed computer, thus you have to find it in the console. It has to be somewhere. I'm not aware that SEC would delete (i.e. hide) an active computer or mark it as unmanaged.

    Christian