We are slowly deploying Sophos SBE endpoint security from version 7 to 9. The issue we have is that all or most machines which have version 9 installed have full access to the Sophos console, i.e. can disable components, device control, HIPS etc.
We have removed the group which is part of sophosadministrators group, which fixes the security issue; however, does anyone know why this has added this administrator group to the sophosadministrator group?


By default any users/groups that are members of the local Administrators group are granted Sophos Administrators privilege. I can only assume that this is a carry-over from the standalone installations where it makes sense to grant yourself admin access to the controls (albeit a sloppy method of assuming privileges).
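
Added example, not part of the original thread or Sophos code: a read-only PowerShell audit that lists who sits in the local Sophos administrator group on each endpoint and flags the nested local Administrators group described above, plus anything outside an allow-list. The group name spelling, the `EXAMPLE\Sophos-Admins` allow-list entry and the function name are assumptions to adjust for your environment.

```powershell
# Added example: audit membership of the local Sophos admin group (read-only).
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string]$GroupName = 'SophosAdministrator',       # assumed spelling of the local group
    [string[]]$Allowed = @('EXAMPLE\Sophos-Admins')   # placeholder allow-list
)

function Get-SophosAdminMember {   # hypothetical helper name
    param([string]$Computer, [string]$Group)
    # The WinNT ADSI provider also works on hosts without Get-LocalGroupMember.
    $g = [ADSI]"WinNT://$Computer/$Group,group"
    foreach ($m in @($g.Invoke('Members'))) {
        $t = $m.GetType()
        # ADsPath is WinNT://DOMAIN/name or WinNT://DOMAIN/COMPUTER/name
        $path  = $t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class = $t.InvokeMember('Class', 'GetProperty', $null, $m, $null)
        $parts = @(($path -replace '^WinNT://', '') -split '/')
        $name  = if ($parts.Count -ge 2) { $parts[-2..-1] -join '\' } else { $parts[-1] }
        [pscustomobject]@{ Computer = $Computer; Member = $name; Class = $class }
    }
}

$findings = foreach ($c in $ComputerName) {
    try {
        foreach ($m in Get-SophosAdminMember -Computer $c -Group $GroupName) {
            $reason = $null
            if ($m.Class -eq 'Group' -and $m.Member -like '*\Administrators') {
                # The default behaviour from the answer: every local admin gets console rights.
                $reason = 'local Administrators group is nested'
            } elseif ($Allowed -notcontains $m.Member) {
                $reason = 'member not in allow-list'
            }
            if ($reason) {
                $m | Add-Member -NotePropertyName Reason -NotePropertyValue $reason -PassThru
            }
        }
    } catch {
        # Group missing (agent not installed) or host unreachable: record it, keep going.
        [pscustomobject]@{ Computer = $c; Member = $null; Class = $null
                           Reason = "query failed: $($_.Exception.Message)" }
    }
}

$findings | Format-Table Computer, Member, Class, Reason -AutoSize
```

Run it with `-ComputerName` set to the machines already upgraded to version 9; an empty table means every member of the group is on the allow-list.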
