Roll back to Sophos Enterprise Console

After you migrate computers to Sophos Central, you can roll them back to Sophos Enterprise Console management.

Introduction

You use a Sophos script to roll computers back. The script does the following:

  • Finds the Sophos Central agent software on computers and uninstalls it.
  • Runs the Sophos Endpoint Security and Control installer from a central installation directory (CID) to reprotect the computers.

Rollback requirements

The requirements for using the script are as follows:

  • Only run the script on computers managed by Sophos Central. These appear in the migration tool with the status "In Cloud", "In Cloud (error)", or "In Cloud (critical error)".
  • Turn off Server Lockdown (if you use it on your servers).
  • Ensure the script is run on the computers as Administrator.
  • Use cscript or wscript to call the script. The only difference is the logging:
    • wscript outputs errors and details to the console.
    • cscript outputs errors and details to the default log file %temp%\SophosCloudRollback.log.

Note: If you have Windows Server Core, which does not have a user interface, use cscript.

Download and run the script

To use the script, do as follows:
  1. Get the rollback script from https://sophserv.sophos.com/repo_kb/122211/file/rollback.vbs.txt
  2. Make sure you rename the file to rollback.vbs
  3. Run the script with the command to run the Sophos Endpoint Security and Control installer, including the update path and credentials.
    cscript C:\RollbackScript\rollback.vbs \\myServer\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe -user administrator -pwd admin -s -mng yes

    This example connects to the central installation directory (CID) as user "administrator" with password "admin", runs the installer silently, and confirms the computer is managed.

    For details of all the parameters, see Sophos Endpoint: Command line parameters used by setup.exe.

    We recommend that you obfuscate the credentials with the -ouser and -opwd parameters.

    If you see the "Application blocked" error message, go to Sophos Central and turn off Server Lockdown. Go to a server's details page and click Unlock or turn off the Server Lockdown policy.

After you run the script, you must do the post-rollback tasks described below.
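
The run step above, wrapped with the checks from the rollback requirements, as an added example (not Sophos code). The parameter names are hypothetical, the obfuscated values are assumed to have been generated beforehand, and -ouser/-opwd are assumed to take the place of -user/-pwd in the same command.

```powershell
# Added example, not part of the Sophos script. Paths default to the ones
# used on this page; the obfuscated credential values are supplied by the caller.
param(
    [string]$RollbackScript = 'C:\RollbackScript\rollback.vbs',
    [string]$Installer      = '\\myServer\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe',
    [Parameter(Mandatory)][string]$ObfuscatedUser,     # value passed to -ouser
    [Parameter(Mandatory)][string]$ObfuscatedPassword  # value passed to -opwd
)

# Requirement: the script must run as Administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start an elevated (Administrator) PowerShell session and run again.'
}

# Step 2: the download is named rollback.vbs.txt and must be renamed first.
if ([IO.Path]::GetExtension($RollbackScript) -ne '.vbs') {
    throw "Rename the downloaded file to rollback.vbs (got '$RollbackScript')."
}
if (-not (Test-Path -LiteralPath $RollbackScript -PathType Leaf)) {
    throw "Rollback script not found: $RollbackScript"
}

# cscript is used so that this also works on Windows Server Core.
# The default log location is the one stated in the requirements.
$log     = Join-Path $env:TEMP 'SophosCloudRollback.log'
$started = Get-Date

# Step 3: same command as on the page, with obfuscated credentials
# instead of a plaintext -user/-pwd pair on the command line.
& cscript.exe $RollbackScript $Installer `
    -ouser $ObfuscatedUser -opwd $ObfuscatedPassword -s -mng yes
$exitCode = $LASTEXITCODE

# The page does not document exit codes, so the value is only reported.
Write-Host "cscript exit code: $exitCode"

# Show the end of the rollback log and flag a log this run did not touch.
if (Test-Path -LiteralPath $log) {
    if ((Get-Item -LiteralPath $log).LastWriteTime -lt $started) {
        Write-Warning "Log exists but was not updated by this run: $log"
    }
    Get-Content -LiteralPath $log -Tail 40
} else {
    Write-Warning "No rollback log found at $log"
}
```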

Post-rollback tasks

When the rollback is complete and the computer shows as managed in Sophos Enterprise Console, do as follows:
  1. Delete the computers from Sophos Central.
    1. In Sophos Central Admin, select Devices.
    2. Select the checkbox next to each computer you rolled back.
    3. Click Delete and then OK.
  2. In Sophos Enterprise Console, update the computers.
    1. In Computer View, find the computers.
    2. Right-click the computers and select Update Computers Now.