Enterprise Console: error message when remote console started by domain user

  • Article ID: 14891
  • Rating:
  • 2 customers rated this article 1.0 out of 6
  • Updated: 27 Jan 2012

An error message is reported when an Enterprise Console remote console is started in a domain environment by a domain user.

Cannot start Enterprise Console
Only members of the Sophos Console Administrators group on [computer_name] are allowed to run the Sophos Enterprise Console.
Sophos Enterprise Console is unable to recover from this error.

What to do

You should be able to run Enterprise Console with a domain administrator account.

Otherwise, try the following in order.

1. Check the user

Check to see if the user attempting to run the remote console is a member of the Sophos Console Administrators group on the management server computer.

If it is not:

  • add the user to the Sophos Console Administrators group
  • try to start the remote console again.

2. Edit the DCOM Value in the registry

Check the following on both the management server and the remote console computer.

  1. Select Start|Run
  2. Type regedit
  3. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ole
  4. Look for the entry EnableDCOM
  5. If the entry is marked N, change it to Y.

    If there is no EnableDCOM entry, add it and set it to Y.

3. Check the Management server on Windows XP SP2 or Windows 2003 SP1

If the management server is on Windows XP Service Pack 2 (SP2) or Windows 2003 Service Pack 1 (SP1), follow the steps below, then try to use the remote console again.

Note: You cannot do this on Windows 2000.

On Windows XP, do as follows:

  1. Select Start|Control Panel.
  2. Select 'Performance and Maintenance' (if your Control Panel is in Category view only, otherwise, go to step 3).
  3. Select 'Administrative Tools'.
  4. Select Local Security Policy.
  5. Select Local Policies|Security Options.
  6. Double-click 'DCOM: Machine Access Restrictions ...'.
  7. Click 'Edit Security'.
  8. Click 'Add'.
  9. In the text box, type
    Sophos Console Administrators
  10. Click 'Check names'.
  11. Click 'OK'.
  12. Highlight the group 'Sophos Console Administrators'.
  13. For Remote Access, select 'Allow'.
  14. Double-click 'DCOM: Machine Launch Restrictions ...'.
  15. Click 'Edit Security'.
  16. Click the user 'Everyone'.
  17. For Remote Launch, select 'Allow'.
  18. For Remote Activation, select 'Allow'.
  19. Click 'OK' twice.

Then try to use the remote console again.

On Windows Server 2003 / 2008 make the domain user a member of:

  • Distributed COM Users
  • Sophos Console Administrators
  • Sophos DB Users (if you want access to Enterprise Console reporting).

Log that user off and on again, then try to use the remote console again.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent