[8.920][CLOSED] Domain Users and Sophos Groups

The endpoint software creates two groups, one for users and one for administrators, named something like "SophosUsers" and "SophosAdministrators", that are necessary to, for example, uninstall the software.
Those groups are only applied to local users, not to domain users.

The catch is, I can install the software as domain user, but I must be a local user to uninstall it again. So, if in a domain, I'm not necessarily able to ever get rid of it again.

Parents

0 rfarcas over 11 years ago

Here is the feedback on this mater:

"If you’re using a domain account to install the endpoint software, that domain account must have admin rights on the local machine. If it doesn’t, you can’t install.
Once the software is installed, our tests show that it can be uninstalled by that same domain account, *IF* tamper protection is not enabled.
If tamper protection has been enabled, then uninstall of the software using the domain account won’t be allowed – the tamper protection must be disabled first."

Does this explain your situation? Was tamper protection off?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 rfarcas over 11 years ago

Here is the feedback on this mater:

"If you’re using a domain account to install the endpoint software, that domain account must have admin rights on the local machine. If it doesn’t, you can’t install.
Once the software is installed, our tests show that it can be uninstalled by that same domain account, *IF* tamper protection is not enabled.
If tamper protection has been enabled, then uninstall of the software using the domain account won’t be allowed – the tamper protection must be disabled first."

Does this explain your situation? Was tamper protection off?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data