About Sophos groups
Sophos Endpoint Security and Control restricts access to certain parts of the software to members of certain Sophos groups.
When Sophos Endpoint Security and Control is installed, each user on this computer is initially
assigned to a Sophos group depending on their Windows group.
| Windows group | Sophos group |
|---|---|
| Administrators | SophosAdministrator |
| Power Users | SophosPowerUser |
| Users | SophosUser |
Users who are not assigned to a Sophos group, including Guest users, can only perform the following tasks:
- On-access scanning
- Right-click scanning
SophosUsers
SophosUsers can perform the tasks above and also perform the following tasks:
- Open the Sophos Endpoint Security and Control window
- Set up and run on-demand scans
- Configure right-click scanning
- Manage (with limited privileges) quarantined items
- Create and configure firewall rules
SophosPowerUsers
SophosPowerUsers have the same rights as SophosUsers, with the addition of the following rights:
- Greater privileges in Quarantine manager
- Access to Authorization manager
SophosAdministrators
SophosAdministrators can use and configure any part of Sophos Endpoint Security and Control.
Note If tamper protection is enabled, a SophosAdministrator must know the tamper
protection password to perform the following tasks:
- Configure on-access scanning.
- Configure suspicious behavior detection.
- Disable tamper protection.
Note For more information, see About tamper protection on this computer.