If you use role-based administration, you must have the Computer search, protection and groups right. For more information, see Managing roles and sub-estates.

If you have a complex Active Directory structure and want to synchronize domain local groups or nested Active Directory groups, enable this functionality as described in knowledgebase article 122529.

To synchronize with Active Directory:

1. Select a group that will become your synchronization point, right-click and select Synchronize with Active Directory.
   The Synchronize with Active Directory wizard starts.

2. On the Overview page of the wizard, click Next.

3. On the Choose an Enterprise Console group page, select or create an Enterprise Console group that you want to keep synchronized with Active Directory (synchronization point). Click Next.

4. On the Choose an Active Directory container page, select an Active Directory container which you want to synchronize the group with. Enter the name of the container (for example, LDAP://CN=Computers,DC=domain_name,DC=local) or click Browse to browse to the container in Active Directory. Click Next.

   Important: If a computer exists in more than one synchronized Active Directory container, it causes a problem, with messages being exchanged continually between the computer and Enterprise Console. Each computer should be listed only once in Enterprise Console.

5. If you want to protect Windows workstations automatically, on the page Protect Computers Automatically, select the check box Install Sophos security software automatically, and then select the software you want to install.

   Before installing Firewall on computers, make sure you have configured the firewall to allow the traffic, applications, and processes you want to use. By default, the firewall is enabled and blocks all non-essential traffic. See Firewall policy.

   Leave Third-Party Security Software Detection selected if you want to have another vendor's software removed automatically. If you need to remove another vendor's updating tool, see Remove third-party security software.

   All Windows workstations discovered during this and future synchronizations will be protected automatically, in compliance with their respective group policies.

   Important: Computers running Windows server operating systems, Mac OS, Linux, or UNIX will not be protected automatically. You must protect such computers manually, as described in the Sophos Enterprise Console advanced startup guide.

   Note: You can enable or disable automatic protection later, in the Synchronization properties dialog box. For instructions, see View and edit synchronization properties.

   Click Next.

6. If you chose to protect computers automatically, on the Enter Active Directory Credentials page, enter the details of an administrator account that will be used to install software on the computers. Click Next.

7. On the Choose the Synchronization Interval page, choose how often you want to synchronize the Enterprise Console group with the Active Directory container. The default is 60 minutes.

   Note: You can change the synchronization interval later, in the Synchronization properties dialog box. For instructions, see View and edit synchronization properties.

8. On the Confirm Your Choices page, check the details, and then click Next to proceed.

9. On the last page of the wizard, you can view the details of the groups and computers that have been synchronized.

   You can also set up email alerts to be sent to your chosen recipients about new computers and groups discovered during future synchronizations. If you chose to protect computers in synchronized groups automatically, you can also set up alerts about automatic protection failures. To open the Configure Email Alerts dialog box after you click Finish, select the check box on the last page of the wizard. For instructions, see Set up Active Directory synchronization email alerts.
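
The Important note above warns against a computer existing in more than one synchronized Active Directory container. As an added example (not part of the Sophos documentation), the following Python script checks a planned list of synchronization containers for overlap and reports which computers would be listed more than once. It assumes that a synchronized container covers everything beneath it in the directory tree; all container and computer names are constructed.

```python
# Constructed sample data, not taken from a real directory.
# Assumption: a synchronized container covers every object beneath it in the tree.
SYNC_CONTAINERS = [
    "LDAP://OU=Workstations,DC=example,DC=local",
    "LDAP://OU=Sales,OU=Workstations,DC=example,DC=local",
    "LDAP://CN=Computers,DC=example,DC=local",
]
COMPUTER_DNS = [
    "CN=PC-001,OU=Sales,OU=Workstations,DC=example,DC=local",
    "CN=PC-002,OU=Workstations,DC=example,DC=local",
    "CN=PC-003,CN=Computers,DC=example,DC=local",
    "CN=LAB\\,01,ou=sales,OU=Workstations,DC=example,DC=local",  # escaped comma in the name
]

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    if dn.upper().startswith("LDAP://"):
        dn = dn[7:]
    parts, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(cur))
    return [p.strip().lower() for p in parts if p.strip()]

def is_within(rdns, container):
    """True if the object (or container) sits at or below the given container."""
    return len(rdns) >= len(container) and rdns[len(rdns) - len(container):] == container

def overlapping_containers(containers):
    """Return (outer, inner) pairs where one synchronization point contains another."""
    parsed = [(c, split_dn(c)) for c in containers]
    return [(o, i) for a, (o, o_r) in enumerate(parsed)
            for b, (i, i_r) in enumerate(parsed) if a != b and is_within(i_r, o_r)]

def multiply_covered(computers, containers):
    """Map each computer DN to its covering containers when there is more than one."""
    parsed = [(c, split_dn(c)) for c in containers]
    result = {}
    for dn in computers:
        hits = [c for c, c_r in parsed if is_within(split_dn(dn), c_r)]
        if len(hits) > 1:
            result[dn] = hits
    return result
```

Any pair returned by overlapping_containers, or any entry returned by multiply_covered, points to a synchronization point that should be removed or moved so that each computer is listed only once.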