Need to move endpoints between sub estates
The ability to move endpoints between sub estates is needed. Reinstalling sophos whenever the move needs to happen is not a sustainable solution.
Had a recent call with our reps and found that there is a --registeronly switch for the installer which allows you to re-register to a new sub-estate.
On your enterprise dashboard go to Deployment
Expand Windows (or Mac)
Here you can download the installer and a csv with installation switches for each of your sub-estates
add --registeronly to the end of the command and run the installer on every computer you want to move
The process takes only a few moments to complete and the computer is moved to the new sub-estate
Agree with Ian. I need to be able to manage my endpoints without needing to uninstall/re-install the endpoint software. Please make this feature available.
Ian Trimnell commented
This is a much needed function. I have a sub-estate which needs to have it's 500+ devices moved to another, existing sub-estate. It would be so much easier to issue the command from the dashboard than having to run a script on every device - hoping that we've got them all. It would also enable us to easily check which devices have successfully move.
Parece ser diferente con respecto al EndPoing Intercept X podrían ayudar como cambiarlo para esta versión:
Core Agen 2.4.1
Endpoint Advanced 10.8.3.441
Sophos Intercept X 220.127.116.11
Sería muy buena opción, lo que no encuentro es como sacar el toker para realizar dicho procedimiento
There is a workaround you can use until they make a simplier way of doing this. Use the golden image KB article. instead of leaving the registration token blank, obtain the one from the correct sub-estate and apply it. I created a batch file (see below) which you can use. You just need to enter the token of the sub-estate you want it to move to. You do need to disable tamper protection on the machine and run the script as admin. The script was created by me automating the KB.
NET STOP "Sophos MCS Client"
DEL "C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\Credentials" /F
DEL "C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\EndpointIdentity.txt" /F
DEL "C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\*.xml" /F
DEL "C:\ProgramData\Sophos\AutoUpdate\data\machine_ID.txt" /F
DEL "C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\registration.txt" /F
echo [McsClient]>>"C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\registration.txt"
echo Token=INSERT TOKEN HERE>>"C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\registration.txt"
NET START "Sophos MCS Client"
I agree with Will. In large organisations, people move around.. alot. There is an unsupported script but this still requires the use of GPOs. We need the ability to move devices and users from one sub estate to another within the console please.