You would like to install additional Enterprise Console(s) on your network in order to manage Sophos from other computers. One reason to do this is to delegate tasks to other users; it also saves you having to log on to the Sophos management server.
First seen in
Enterprise Console 4.5.0
What to do
See the Advanced startup guide for the version of Enterprise Console you are running. These guides can be found in the "Documentation" section of the website.
Important: You need to install the same version of Enterprise Console as is running on your management server.
Enterprise Console 5.1
See 'Section 7.5' of the document: 'Sophos Enterprise Console advanced startup guide' available here: http://www.sophos.com/en-us/medialibrary/PDFs/install guides/sec_51_asgeng.pdf
Enterprise Console 5.0
See 'Section 7.5' of the document: 'Sophos Enterprise Console advanced startup guide' available here: http://www.sophos.com/en-us/medialibrary/PDFs/nonindexed/sec_50_asgeng.pdf
Enterprise Console 4.7
See 'Section 6.5' of the document: 'Sophos Endpoint Security and Control 9.7 advanced startup guide for Windows and Mac OS X' available here: http://www.sophos.com/en-us/medialibrary/PDFs/nonindexed/sesc_97_asgeng.pdf
Enterprise Console 4.5
See 'Section 6.6' of the document: 'Sophos Endpoint Security and Control 9.5 advanced startup guide for Windows and Mac OS X' available here: http://www.sophos.com/en-us/medialibrary/PDFs/nonindexed/sesc_95_asgeng.pdf
Additional information
If the Sophos management server is running on a Windows 2008 server, or on a server with a firewall blocking inbound connections, you may have to add a firewall rule to allow DCOM communication from the remote console to the management server. Instructions on how to add an inbound DCOM rule to the Windows 2008 firewall are below.
- Open the Windows Firewall with Advanced Security application from Administrative Tools
- Select, then right-click, the Inbound Rules node in the tree view and select New Rule from the context menu
- When the New Inbound Rule Wizard opens, select the Rule Type page
- Select Custom and click the Next button
- On the Program page, select All Programs and click Customize
- On the resulting Customize Service Settings dialogue, make sure that Apply to all programs and services is selected and click the OK button
- Back on the Program page, click the Next button
- On the Protocol and Ports page, select TCP for the Protocol Type
- Select Dynamic RPC for the Local Port (DCOM uses the Dynamic RPC ports)
- Select All Ports for the Remote Port and click the Next button
- On the Scope page, select Any IP Address for the Local IP Address
- For the "Remote IP Address", enter the IP address (recommended if only one machine is going to connect via DCOM), or the subnet or IP address range (recommended if you have a number of machines that will connect via DCOM), of the machine(s) to allow access from, or select Any IP Address (recommended if you don't care which machines connect via DCOM), and click the Next button
- On the Action page, select Allow the connection and click the Next button
- On the Profile page, select only the Domain option and click the Next button
- On the Name page, name your rule and click the Finish button
- If the rule shows as disabled, enable it
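The same rule can be created from an elevated PowerShell prompt on the management server by calling netsh. This is an added example, not taken from the Sophos guides; the rule name and the remote addresses are constructed placeholders, and the script validates the address list before creating the rule so that a mistyped entry is rejected rather than passed to the firewall.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumptions (not from the article): the rule name and the sample addresses.
$RuleName         = 'Sophos-Remote-Console-DCOM'      # hypothetical name, no spaces
$ConsoleAddresses = @('192.0.2.10', '192.0.2.32/28')  # constructed sample values

function Test-Address([string]$Text) {
    # TryParse alone accepts short forms such as "10.1", so require a
    # dotted quad (IPv4) or a colon (IPv6) before parsing.
    $ip = $null
    return ($Text -match '^(\d{1,3}\.){3}\d{1,3}$|:') -and
           [System.Net.IPAddress]::TryParse($Text, [ref]$ip)
}

function Test-RemoteScope([string]$Entry) {
    # Accept a single address, a CIDR subnet (addr/len) or a range (addr-addr).
    if ($Entry -match '^(.+)/(\d{1,3})$') {
        $addr = $Matches[1]
        return (Test-Address $addr)
    }
    if ($Entry -match '^(.+)-(.+)$') {
        $from = $Matches[1]; $to = $Matches[2]
        return (Test-Address $from) -and (Test-Address $to)
    }
    return (Test-Address $Entry)
}

$bad = @($ConsoleAddresses | Where-Object { -not (Test-RemoteScope $_) })
if ($bad.Count -gt 0) { throw "Invalid remote address entries: $($bad -join ', ')" }

# Do not create a duplicate if a rule with this name is already present.
netsh advfirewall firewall show rule "name=$RuleName" | Out-Null
if ($LASTEXITCODE -eq 0) { throw "Rule '$RuleName' already exists." }

# Wizard pages mapped to netsh parameters:
#   Program: All Programs          -> no program= parameter
#   Protocol and Ports             -> protocol=TCP localport=RPC remoteport=any
#   Scope                          -> localip=any remoteip=<console addresses>
#   Action / Profile               -> action=allow profile=domain
netsh advfirewall firewall add rule "name=$RuleName" dir=in action=allow `
    protocol=TCP localport=RPC remoteport=any localip=any `
    "remoteip=$($ConsoleAddresses -join ',')" profile=domain enable=yes
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }

# Print the rule so the scope, profile and enabled state can be checked.
netsh advfirewall firewall show rule "name=$RuleName" verbose
```

In the verbose output, check that RemoteIP lists only the console machines, Profiles shows Domain, and Enabled shows Yes.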
Note: If you have Enterprise Console v5.x installed, Sophos Patch communication should also be allowed. The port you need to exclude depends on what was selected during the installation of the main console. For more information on the port Sophos Patch uses, see article 114182.