When you try to access Sophos locally, you may get the following message:
"You do not have sufficient privileges to run the Sophos Endpoint Security and Control main application. You are not a member of any of the Sophos groups."
The following Sophos article describes this issue: in essence, the SIDs of the local Sophos groups are wrong when compared with the central control database. This doesn't reduce the effectiveness of the AV, which will still update and detect and deal with threats, but it prevents local access to the client application.
http://www.sophos.com/en-us/support/knowledgebase/113207.aspx
To fix this issue, either run a vbs file (provided in the link) with some manual steps afterwards, or follow this procedure:
Manually calculate the SID value and update the XML file
Obtain the new SID values
- Open a command prompt (Start | Run | Type: cmd.exe | Press return).
- Type: wmic /node:localhost group where (localaccount=true and name like 'sophos%') GET Caption, SID > SophosLocalGroups.txt
- Open the SophosLocalGroups.txt file in Notepad by typing SophosLocalGroups.txt from the command prompt, and read the new SIDs of the Sophos groups from it.
Update the existing SID values to the new ones
- Open Windows services (Start | Run | Type: services.msc | Press return) and stop the Sophos Anti-Virus service.
- Open one of the following files in a text editor, such as Notepad.exe, according to your operating system:
- For Windows Vista and above:
- C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml
- For Windows 2000/2003/XP:
- C:\documents and settings\All users\Application data\sophos\Sophos Anti-Virus\Config\machine.xml
- At the top of the file, locate the 'Security' section. Using the SID values you obtained above, update the SID value of each role to the new SID value of the matching local group, for example:
- <role name='SophosAdministrator'><SID>S-1-5-21-3575766963-4128555015-3935694525-1029</SID></role>
- <role name='SophosPowerUser'><SID>S-1-5-21-3575766963-4128555015-3935694525-1028</SID></role>
- <role name='SophosUser'><SID>S-1-5-21-3575766963-4128555015-3935694525-1027</SID></role>
- Where:
- S-1-5-21-3575766963-4128555015-3935694525 is the new SID of the machine; the last number is the unique group identifier.
- Note: There may be more than one SID value for each account. In this case you can add an additional line using the new SID value. Example:
- <role name='SophosAdministrator'>
- <SID>S-1-5-21-286604240-1627713736-1734124843-1234</SID>
- <SID>S-1-5-21-286604240-1627713736-1734124843-2345</SID>
- <SID>S-1-5-21-286604240-1627713736-1734124843-3456</SID>
- </role>
- Once the file machine.xml has been updated, save the file.
- Start the Sophos Anti-Virus service.
- Check that the account, which is a member of one of the above Sophos groups, can now open the Sophos Endpoint Security and Control user interface.
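A way to check which roles actually need editing before touching machine.xml, as an added example that is not part of the Sophos article: it parses the wmic output and reports every role whose SID list lacks the current local group SID. It assumes each role name equals the local group name; the sample text and the wrapper elements around the roles are constructed.

```python
import re
import xml.etree.ElementTree as ET

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

def parse_wmic_groups(text):
    """Map group name -> SID from the 'GET Caption, SID' output of wmic."""
    groups = {}
    for line in text.splitlines():
        m = SID_RE.search(line)
        if m:  # header and blank lines carry no SID
            caption = line[:m.start()].strip()
            groups[caption.rsplit("\\", 1)[-1]] = m.group(0)  # drop "MACHINE\"
    return groups

def local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def stale_roles(machine_xml, groups):
    """Return {role: (SIDs in file, group SID)} for roles missing the group's SID."""
    stale = {}
    for role in ET.fromstring(machine_xml).iter():
        expected = groups.get(role.get("name", ""))
        if local(role.tag) != "role" or expected is None:
            continue
        present = [e.text.strip() for e in role if local(e.tag) == "SID" and e.text]
        if expected not in present:  # extra SIDs are allowed, a missing one is not
            stale[role.get("name")] = (present, expected)
    return stale

# Constructed samples (not taken from a real machine).
WMIC_OUT = r"""Caption                    SID
PC01\SophosAdministrator   S-1-5-21-3575766963-4128555015-3935694525-1029
PC01\SophosPowerUser       S-1-5-21-3575766963-4128555015-3935694525-1028
PC01\SophosUser            S-1-5-21-3575766963-4128555015-3935694525-1027
"""
MACHINE_XML = """<config><Security>
<role name='SophosAdministrator'><SID>S-1-5-21-286604240-1627713736-1734124843-1234</SID></role>
<role name='SophosPowerUser'>
  <SID>S-1-5-21-286604240-1627713736-1734124843-2345</SID>
  <SID>S-1-5-21-3575766963-4128555015-3935694525-1028</SID>
</role>
<role name='SophosUser'><SID>S-1-5-21-3575766963-4128555015-3935694525-1027</SID></role>
</Security></config>"""

if __name__ == "__main__":
    for role, (present, expected) in stale_roles(MACHINE_XML, parse_wmic_groups(WMIC_OUT)).items():
        print(f"{role}: file has {present}, local group SID is {expected}")
```

When reading a real SophosLocalGroups.txt, open it with `encoding="utf-16"`, since wmic output redirected to a file is typically written as UTF-16.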