Hi,
i have configured stas in DC and after configured user and connected through STAS and no login required i have created multiple groups with user rule in sophos.when user login to system i have checked the log its showing as per created rule but after some time its changed to network based rule so the web policy not applied so if any one having any solution please help.
Check the STAS logs (the STAS + EVENT logs) for the reason. Could be a number of reasons, being replaced by another account of failing the log off detection method. Either way the first place to look is…
i have face same issue stiil any one having solution please help
isuue-After user login with AD credential user get internet .so i have created with multiple user based policy but after 15 to 20 min its changed to network policy so please help.
Hi satyabrata bastia
May I know the number of users affected facing the same issue?
Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
all user having same issue.
Suspecting issue from between your DC and System level
Please follow the link shared by Vivek Jagad and try to make sure settings are as per the document as well as check the logs as guided
Please share all the findings with a snapshot along with the current setting/configuration applied on Sophos XG and DC.
Thanks and regards
i have checked with sophos wmi pooling method using one ip address its showing access denied.so we need to configure wmi or ping method .
Yes, it is a Windows System level issue, how many windows systems you have faced the same access denied message while testing from STAS suite?
The fix is provided by Microsoft as per the below link try and share the result.
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c
Contact Microsoft support as well to solve the issue with wmi or ping polling method if above link not useful.
Thanks and Regards
we have 250 user and i have with ip in wmi its denied
Can you try with one or two windows system for a test as per the below link and share the result ?
sir i have check with sophos document for wmi polling method need to configure windows gpo,logon and logoff detection should be enable and inbound wmi connection should be enable .so please tell me which one i will follow to resolve or ping method should be enable
satyabrata bastia said:sophos document for wmi polling method
Yes you have already found the issue with help Sophos Document where wmi is getting failed from Windows System now you have to fix the issue from your Windows Systems as per the shared link.
sir can i share windows issue document i found when i checked with sophos stas document .
i have collected all details with screen shot if you conform then i will send you