Cannot Manage Endpoints created from gold image

Hi

 

We pushed out a gold image with Sophos AV included without correctly preparing the program (removing all componenents apart from autupdate) so we now have loads of machines in limbo mode that cant be managed from the SEC. Is there any way we can centrally control the removal of the client software without manually removing tamper protect from every machine. The client version is 10.8

We have tried moving them to an OU to disable tamper protect and several other methods but none are successful.

Can we use the MSI with the Sophos Admin credentials to disable tamper protect and uninstall the product?

the gold image has now been corrected following the Sophos KB but we still have about 400 machines that cannot be managed

 

many thanks for any suggestions

 

  • adding to this.. is there anything we can do to get these managed without uninstalling!

  • In reply to richard plywood:

    Hi Richard,

    I'd try creating a redirection script from Sophos Enterprise Console and running it on an issue endpoint.  The script will reinitialize Sophos RMS (Communication service).  This may get them managed again without the need to uninstall or reinstall and can also be automatically pushed out via GPO.

    https://community.sophos.com/kb/en-us/116737

    After creating this, test it by running it on a single endpoint in an administrative command prompt (As you cannot right click > Run as admin on .vbs files).  You may need to restart Sophos Agent and Sophos Message Router service after or just perform a reboot.

    If the endpoint still cannot be managed then a reinstall may be required. The KB below may assist with automating it.  If you did not enable enhanced Tamper Protection, you can include a line in the script to stop the Sophos Anti-virus prior to removal and this should override Tamper Protection, otherwise try including this command prior to uninstall: "C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -TPoff <password>

    https://community.sophos.com/kb/en-us/109668

  • In reply to MEric:

    hi eric

     

    using the vbscript to redirect the endpoint to the same place has worked as exactly as you described. we did not need to take it to step 2.

     

     thanks for your super helpful reply

     

    richard plywood