Sophos and the Admin Password

[button_ripple]

Because the ICT Co-ordinator decided to tell their pupils our admin password, we have had to change it. Now Sophos will not work - is there anyway to change the password that Sophos uses? At the moment it looks like we have to uninstall sophos and re-install it on all the computers because no deployment software works in this school!!!

[ChrisH]

Just use the console to redeploy to all the computers over the top of the current installaion using the new password.

Also your ICT co-ordinator should be reminded of the various issues of them having admin access eg data protection etc etc.

[clareq]

Do you run the Sophos Mangement Console? Edit the updating policy there.

[Oops_my_bad]

Do you run the Sophos Mangement Console? Edit the updating policy there.

 

You can't just edit the updating policy - this is Sophos we're talking about here things are not that simple :!: You would have to do what ChrisH says (and in future, give your sophos service a different password )

[FN-GM]

I would create a special Sophos account so it will stop these things appening. Also i have a script that will totally strip Sophos of a computer if you run into problems. Let me know if you would like it.

 

Z

[maniac]

Second the above, you should really have seperate service accounts, with complex passwords for added security. These accounts should only have the permissions necessary, very few of them should need full domain admin rights, and they should never be given out or used for any other purpose other than installing services like these.

 

We have a general service account which things like scheduled tasks run under, and key services like sophos have their own dedicated account on our network.

 

Mike.

[Michael]

@button_ripple - Sophos uses a default service account called "sweepupd". Search for this in Active Directory, change the password, then change the password(s) in Sophos EM.

 

You do not need to uninstall and re-install Sophos. You just need to force an update so your workstations receive up-to-date account information.

 

I have to say that for any teacher (especially the co-ordinator) to disclose the admin password to their pupils really needs a good slap.

[clareq]

Do you run the Sophos Mangement Console? Edit the updating policy there.

 

You can't just edit the updating policy - this is Sophos we're talking about here things are not that simple :!: You would have to do what ChrisH says (and in future, give your sophos service a different password )

 

Well, we change all admin passwords regularly, and we always roll out the password change that way.

[LukeC]

how come the ICT co-ordinator had access to the admin account and what made him give out the password to the children more so? Edited March 23, 2009 by john
please use the correct spelling of come

[AyatollahPies]

I'm getting more and more worried about ICT co-ordinators. Edited March 24, 2009 by AyatollahPies
Spellink

[Sophos-Support-5]

You can't just edit the updating policy - this is Sophos we're talking about here things are not that simple :!: You would have to do what ChrisH says (and in future, give your sophos service a different password )

 

Uninstall and reinstall? Rubbish. Use the console like everyone says! And why is every SAV problem on here followed a few posted down with "I have a removal script". It's not broke, just not configured.

 

All you need to do is change the updating policy in the Enterprise Console and the client will pick it up.

 

*IF* you're really stuck the credentials are stored locally in...

 

%programfiles%\Sophos\AutoUpdate\Config\iconn.cfg

 

...and YOU could script something to swap out the current file for a new one on boot/logon/shutdown etc.

 

If you need to obfuscate the password then look at: Enterprise Console: obfuscating the username and password

 

FYI: sweepupd is not an automatically created account. It's just that it's been on peoples systems since SAV4 that everyone thinks we put it there . However a "quick install" of EM Library creates a "SophosEndpoint" account. Otherwise it's up to you what account you use for updating. We don't recommend using anything as powerful as an admin unless troubleshooting an updating problem etc.

[gshaw]

I use a standard domain account that's been given local admin rights via restricted groups so it can do the remote installs via the "Protect Computers" wizard and also use it for the updates. We've got that sweepupd account as well, always wondered if it was some legacy account from a bygone age

[KarlGoddard]

Uninstall and reinstall? Rubbish. Use the console like everyone says! And why is every SAV problem on here followed a few posted down with "I have a removal script". It's not broke, just not configured.

 

All you need to do is change the updating policy in the Enterprise Console and the client will pick it up.

 

*IF* you're really stuck the credentials are stored locally in...

 

%programfiles%\Sophos\AutoUpdate\Config\iconn.cfg

 

...and YOU could script something to swap out the current file for a new one on boot/logon/shutdown etc.

 

If you need to obfuscate the password then look at: Enterprise Console: obfuscating the username and password

 

FYI: sweepupd is not an automatically created account. It's just that it's been on peoples systems since SAV4 that everyone thinks we put it there . However a "quick install" of EM Library creates a "SophosEndpoint" account. Otherwise it's up to you what account you use for updating. We don't recommend using anything as powerful as an admin unless troubleshooting an updating problem etc.

 

crikey... I've just found myself agreeing with someone from Sophos... whatever next I wonder?

[chrbb]

I use a standard domain account that's been given local admin rights via restricted groups so it can do the remote installs via the "Protect Computers" wizard and also use it for the updates. We've got that sweepupd account as well, always wondered if it was some legacy account from a bygone age

 

I've decided to add staff laptops to sophos console, currently they have standalone sophos installed which will update in school and at home but I can't keep an eye on virus alerts etc, so thought I would add them. But I don't want to use the domain admin username and password when I protect the laptops, can anyone give me dummy's guide to setting up another user to have enough rights to use in sophos, as in the explanation above - please?

[lukang]

You might actually learn something thats what was next

[p858snake]

Because the ICT Co-ordinator decided to tell their pupils our admin password, we have had to change it.

A. ICT Co-ordiator as in teching or the IT dept side of it?

B. Why did he do it?

C. Did he get punished at all?

[allegatorsnacking]

Thank you very much for posting this. I was unable to contact Sophos Support directly (creating tickets, sending emails, calling support) nor was my local partner able to help so I'm really glad I happened across this.

 

Our Sophos update account passwords were out-of-sync causing installation to fail on some clients, and requiring me to manually override the passwords on others. To resolve it all I needed to do was to change the password on the AD object, then enter that same password into the Sophos Enterprise Console, then force an update on all workstations.