Windows Thread, SOPHOS Update User deleted at startup in Technical
28th February 2011, 12:20 PM #1
SOPHOS Update User deleted at startup
When you remotely install Sophos using the EC it creates a local user account on the machine. My problem is that when my machines restart this user is deleted so Sophos does not update.
I have recreated the account on the machine and added in the following reg entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "UserPreset"=0x00000001
This is a dword value
[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "ObfuscatedPassword"=0x00000000
This is a string value
[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "Download User"=SophosSAUmachinename
This is a string value
[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Service] "Download Password"=PASSWORD
I have run procmon to capture events but as this user is deleted on startup I am not getting anything. As far as I am aware no GPOs have been added or updated recently. I have run a gpupdate when logged onto the machine but the account is still there until it is restarted.
I have to redeploy to all machines every day to make sure they are updated.
I have deployed to a machine that is not on the domain and the user account remains!
Does anyone have any ideas which GPO will affect this?
28th February 2011, 12:32 PM #2
Off the top of my head I can't think of a GPO which would do this, however I would check logon and startup scripts for something like this:
NET LOCALGROUP administrators SophosUsername /delete
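The check suggested in the reply above, as an added example that is not part of the thread: a Python scan of startup and logon script text for net commands that delete a local account or remove a group member. The sample scripts are constructed, and scan_script, scan_all and account_hint are hypothetical names.

```python
import re

# "net user <name> /delete" or "net localgroup <group> <member> /delete",
# any letter case, including net.exe / net1 and the /del short form.
NET_DELETE = re.compile(
    r'\bnet1?(?:\.exe)?\s+(user|localgroup)\s+(.+?)\s+/del(?:ete)?\b', re.I)
COMMENT = re.compile(r'^\s*(?:@?rem\b|::)', re.I)  # batch comment lines

def scan_script(name, text, account_hint="sophos"):
    """Report lines that delete a local account or change group membership.
    account_hint (an assumption) marks findings that name the account."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if COMMENT.match(line):
            continue  # commented-out commands never execute
        m = NET_DELETE.search(line)
        if not m:
            continue
        # Keep "quoted names" together, then drop switches such as /domain.
        args = [a.strip('"') for a in re.findall(r'"[^"]*"|\S+', m.group(2))]
        args = [a for a in args if not a.startswith('/')]
        if not args:
            continue
        if m.group(1).lower() == "user":
            action, target = "deletes account", args[0]
        elif len(args) >= 2:
            action, target = "removes group member", args[-1]
        else:
            action, target = "deletes group", args[0]
        findings.append({"script": name, "line": lineno, "action": action,
                         "target": target,
                         "matches_hint": account_hint.lower() in target.lower()})
    return findings

# Constructed sample scripts, not taken from the poster's environment.
SAMPLES = {
    "startup.bat": "@echo off\n"
                   "rem net user OldAV /delete\n"
                   "NET LOCALGROUP administrators SophosUsername /delete\n"
                   'net user "SophosSAU%COMPUTERNAME%" /delete\n',
    "logon.bat": "net use H: \\\\server\\home /persistent:no\n",
}

def scan_all(scripts):
    return [f for name in sorted(scripts) for f in scan_script(name, scripts[name])]

if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print("{script}:{line}: {action} {target}".format(**f))
```

The findings separate net user ... /delete, which deletes the account, from net localgroup ... /delete with a member name, which only removes that member from the group.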
28th February 2011, 12:39 PM #3
If you're running 2008 Server, you can create/delete local accounts as follows.
I suspect it'll be this or a script deleting the account.
1st March 2011, 08:53 AM #4
Thanks for the reply Michael. I have checked all scripts startup/logon and I don't have anything like that. I am using Server 2003 R2.
Configuring restricted users to assign local admin rights to users in Server 2003 wouldn't delete accounts, would it?
1st March 2011, 09:03 AM #5
Could it be something to do with a restricted group GPO?
1st March 2011, 02:12 PM #6
It must be a script if you're running 2003 Server as I don't think deleting accounts is possible via GPO, but only a script or using MMC.
I wonder why it's there in the first place? I see no reason to delete the username unless you used to have AV software from another company?
Are you running GPMC on your servers?
2nd March 2011, 12:41 PM #7
2nd March 2011, 12:49 PM #8
If you move some of the Computer Objects in Active Directory from the Curriculum OU for example to another OU, do you still have the same problem?