This article provides information on protecting servers with Sophos Cloud with a focus on the policy model.
Applies to the following Sophos product(s) and version(s)
Protecting Servers with Sophos Cloud
Policies in Sophos Cloud are currently applied on a per-user basis, with device-based policies coming in the future. When defining policies for your servers, you should therefore consider the following questions:
- Who are the users that log on to the server and what are their defined policies?
- Do multiple accounts administer the server concurrently and how do they connect?
- What policies do I need to assign to each server and what customization do I need to make?
When you install Sophos Cloud endpoint software on the server, the computer will typically get the base policy, unless the user performing the installation has a custom policy defined.
After installation, if the users log off, the policy applied at install time will remain in place. If a user logs on to the computer with a different policy, that user's policy will be set.
Servers often have multiple users logging on to them, sequentially and/or concurrently, and only one policy can be configured at a time, so a decision must be made on which policy is applied. The current rules that govern this decision are as follows:
- Session type - The policy of a user logged on to the interactive (console) session is applied before that of a user in a Remote Desktop Protocol (RDP) session.
- Session state - The policy of an ‘active’ session is applied above that of an ‘idle’ session.
- User name - Finally, the policy is applied based on the user name in alphabetical order.
For example, if a server is being administered via a single RDP session by UserA, and UserB logs on to the computer locally, the policy of UserB will be applied until he logs off. If UserA is still logged on, the policy of UserA will then be applied.
Evidence for which policy will be applied can be seen in the Sophos ‘MCSClient.log’ file; as the user changes, the following line is logged:
INFO StatusHandler The logged-on user is [username]
As a result, to ensure the correct policy is maintained where users have custom policies defined, all users logging on to the computer should be configured with the required policy. If a user unknown to the system logs on, the computer will receive the base policy by default.
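The precedence rules and the recommendation above can be checked against a server's expected logons with a small model. This is an added example, not Sophos code: the policy names, the `svc-backup` account and all function names are hypothetical, and it assumes the three rules are ordered tie-breakers with the alphabetically first user name winning.

```python
from dataclasses import dataclass

BASE_POLICY = "Base"  # placeholder name for the default (base) policy

@dataclass(frozen=True)
class Session:
    user: str
    console: bool  # True = interactive (console) session, False = RDP
    active: bool   # True = 'active', False = 'idle'

def winning_session(sessions):
    """Pick the session whose user's policy applies, using the article's rules."""
    if not sessions:
        return None
    # Rule 1: console before RDP. Rule 2: active before idle.
    # Rule 3: user name, alphabetical (assumed: first wins, case-insensitive).
    return min(sessions,
               key=lambda s: (not s.console, not s.active, s.user.casefold()))

def effective_policy(sessions, assignments, current=BASE_POLICY):
    """Return (user, policy) for the given sessions.

    Users absent from `assignments` get the base policy. With nobody logged
    on, the policy already in place (`current`) is kept.
    """
    winner = winning_session(sessions)
    if winner is None:
        return None, current
    return winner.user, assignments.get(winner.user, BASE_POLICY)

def policy_gaps(logon_users, assignments, required):
    """Users whose logon could move the server off the required policy."""
    return sorted(u for u in logon_users
                  if assignments.get(u, BASE_POLICY) != required)

if __name__ == "__main__":
    # Constructed data mirroring the article's UserA/UserB example.
    assignments = {"UserA": "Server-Hardened", "UserB": "Workstation"}
    rdp_a = Session("UserA", console=False, active=True)
    console_b = Session("UserB", console=True, active=True)
    print(effective_policy([rdp_a, console_b], assignments))  # UserB wins
    print(effective_policy([rdp_a], assignments))             # back to UserA
    print(policy_gaps(["UserA", "UserB", "svc-backup"],
                      assignments, "Server-Hardened"))
```

Any account returned by `policy_gaps` is one whose logon can replace the intended server policy, either with a different custom policy or with the base policy.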
- Recommended vendor exclusions for use with Sophos products (Windows) - article 35970.