  1. #1
    rob998

    SOPHOS Update User deleted at startup

    When you remotely install Sophos using the EC it creates a local user account on the machine. My problem is that when my machines restart this user is deleted so Sophos does not update.

    I have recreated the account on the machine and added in the following reg entries:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "UserPreset"=0x00000001
    This is a dword value
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "ObfuscatedPassword"=0x00000000
    This is a string value
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "Download User"=SophosSAUmachinename
    This is a string value
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "Download Password"=PASSWORD

    I have run procmon to capture events but as this user is deleted on startup I am not getting anything. As far as I am aware no GPOs have been added or updated recently. I have run a gpupdate when logged onto the machine but the account is still there until it is restarted.

    I have to redeploy to all machines every day to make sure they are updated.

    I have deployed to a machine that is not on the domain and the user account remains!

    Does anyone have any ideas which GPO will affect this?

    Cheers

  2. #2

    Michael
    From the top of my head I can't think of a GPO which would do this, however I would check logon and startup scripts for something like this:

    Code:
    NET LOCALGROUP administrators SophosUsername /delete
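
One way to carry out the script check suggested in post #2, as an added example that is not part of the original thread: a PowerShell function that walks a scripts folder and reports every line that deletes a local account or removes it from a local group. The function name, the regexes, the `SophosSAU` name pattern (based on the "Download User" value in the first post) and the sample file are assumptions.

```powershell
# Added example (not from the thread): find script lines that delete a local
# account or strip it from a local group. The function name, regexes and sample
# files are assumptions made for this illustration.
function Find-AccountRemovalCommand {
    param(
        [Parameter(Mandatory = $true)][string]$ScriptRoot,  # folder holding startup/logon scripts
        [string]$AccountPattern = 'SophosSAU\S*'            # regex for the account name
    )
    $net = '\bnet1?(\.exe)?\s+'
    $rules = @{
        # "net user <name> /delete" removes the account itself
        DeletesAccount   = $net + 'user\s+"?' + $AccountPattern + '"?\s+/del'
        # "net localgroup <group> <name> /delete" removes only a group membership
        RemovesFromGroup = $net + 'localgroup\s+.+?\s+"?' + $AccountPattern + '"?\s+/del'
        # ADSI WinNT provider call used from VBScript: obj.Delete "user", "<name>"
        AdsiDelete       = '\.Delete\s*\(?\s*"user"\s*,\s*"' + $AccountPattern
    }
    Get-ChildItem -Path $ScriptRoot -Recurse -Include *.bat, *.cmd, *.vbs, *.kix, *.ps1 |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_.FullName
            $lineNo = 0
            foreach ($line in Get-Content -LiteralPath $file) {
                $lineNo++
                # Skip lines that are commented out and therefore never run
                if ($line -match '^\s*(rem\b|::|''|#)') { continue }
                foreach ($kind in $rules.Keys) {
                    if ($line -match $rules[$kind]) {
                        New-Object psobject -Property @{
                            Kind = $kind; Line = $lineNo; Text = $line.Trim(); File = $file
                        }
                    }
                }
            }
        }
}

# Constructed sample script so the example runs offline.
$demo = Join-Path $env:TEMP 'startup-script-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'startup.bat') -Value @(
    'rem net user SophosSAUPC01 /delete',
    'net user SophosSAUPC01 /delete',
    'NET LOCALGROUP administrators SophosSAUPC01 /delete'
)
Find-AccountRemovalCommand -ScriptRoot $demo |
    Format-Table Kind, Line, Text, File -AutoSize
```

Pointing `-ScriptRoot` at the domain's SYSVOL share covers both the NETLOGON scripts and the startup/logon scripts stored inside individual GPOs.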

  3. #3

    Michael
    If you're running 2008 Server, you can create/delete local accounts as follows.

    I suspect it'll be this or a script deleting the account.

  4. #4
    rob998
    Thanks for the reply Michael. I have checked all scripts startup/logon and I don't have anything like that. I am using Server 2003 R2.

    Configuring restricted users to assign local admin rights to users in Server 2003 wouldn't delete accounts, would it?

  5. #5
    ChrisH
    Could it be something to do with a restricted group GPO?

  6. #6

    Michael
    It must be a script if you're running 2003 Server as I don't think deleting accounts is possible via GPO, but only a script or using MMC.

    I wonder why it's there in the first place? I see no reason to delete the username unless you used to have AV software from another company?

    Are you running GPMC on your servers?

  7. #7
    rob998
    I am using GPMC

  8. #8

    Michael
    If you move some of the Computer Objects in Active Directory from the Curriculum OU for example to another OU, do you still have the same problem?
