Sophos

Online support

Product maintenance

Contact support

Support services

Enterprise Console: How to protect computers that are in a workgroup

Issue
How to use Enterprise Console to deploy Sophos Anti-Virus to computers in a workgroup.
NOTE: You cannot deploy to a client computer that has 'XP Home' installed.

Sophos product and version 
Enterprise Console 

Operating system
Windows 2000/XP/2003/Vista

What to do

You must work through all of the following steps. Sections 1, 2, 3 and 4, must be performed on every XP Pro or Vista client computer in the workgroup. (If you have client computers with other operating systems in the workgroup, you can omit section 2 on those particular computers.) Sections 5 and 6 must be carried out on the computer which has Enterprise Console installed.

1. Create the Sophos user

  1. Go to Windows Control Panel and click on 'User Accounts'.
  2. Select 'Create a new account', call the account 'Sophos' and click 'Next'.
  3. Select 'Computer Administrator'|'Create Account'
  4. Click on the new 'Sophos' account and then select 'Create Password'.
  5. Enter the password details required (make sure you set up and use the same password on all computers).

2. Do one of the following (either a or b)  if the client computer is XP Pro or Vista. If it has a different operating system, go to section 3.

a.) XP Pro computers only

  1. Go to Windows Control Panel and select 'Folder Options'.
  2. Click on the 'View' tab.
  3. Scroll to the bottom of the list and deselect 'Use Simple File Sharing'.
  4. Click OK.

b.) Vista computers only

  1. Go to Windows Control Panel and select 'User Accounts'
  2. Click on the 'Turn on or off User Access Control (UAC)'
  3. Untick 'Use UAC'
  4. Reboot the computer.

3. Enable the services required for deployment

  1. Go to Start|Run, type in 'services.msc' and click OK.
  2. Ensure that the following are started and set to automatic:
    • Computer Browser
    • Remote Registry
    • Task Scheduler Service

4. Open the Windows Firewall ports to allow Sophos to communicate

You must perform the following on all client computers and the server.

  1. Go to Windows Control Panel and double-click on Windows Firewall.
  2. On the 'Exceptions' tab, click on 'Add Port'
  3. Call it 'Sophos1', the port number should be 8192 on TCP
  4. Click OK
  5. Repeat the above steps, adding Sophos2 (8193) and Sophos3 (8194).

5. Set the updating policy

  1. Open the EM Console and Right click on the updating policy
  2. Select 'View/Edit Policy'
  3. Select 'Configure' for the required operating system(s)
  4. In the primary server, ensure the address is correct (e.g. \\Servername\InterChk\ESXP)
  5. Enter the 'Sophos' updating username and password.

6. Deploy to the network computers

  1. Right-click on the computers that require installation and select 'Protect Computers'.
  2. Keep pressing 'Next' until you are asked for an Administrator account. Now enter:
    • the 'Sophos' account you created above
    • your chosen password
  3. Press 'Next' and finish the wizard once all of the computers have been found.

You should see orange arrows appear on all of the new computers, they should then go green after a short while, then turn to an hourglass and finally just a blue computer. At this stage the computers should start reporting to the Enterprise Console (it may take 5-10 minutes for all of them to do so).

Technical information
This procedure is required by Windows because of the way it manages computers in workgroups.

If you need more information or guidance, then please contact technical support.