During use, we mistakenly deleted 2 devices from central, because the computer still has tamper protection, so we cannot uninstall or reinstall the endpoint and return the device to central.
This article we will guide you to configure the fix by turning off tamper protection on the device using GPO and restoring the Device back to Sophos Central.
In this model, two Windows 10 machines have joined the domain and installed Sophos Endpoint. Server 2016 acts as a domain controller and deploys GPOs to Windows 10 machines.
Windows 10 machines have network access and access to Sophos Central.
3 Implementation steps
We proceed as follows:
- Create a GPO that turns off Tamper protection on each device
- Sophos Endpoint Reinstall Deployment Using GPO
- Check the result
3.1 Create a GPO with Tamper protection off
We access Sophos Central to retrieve the tamper of the deleted machines, access the following section.
Logs & Reports >> Recover Tamper Protection passwords
Save the password of 2 deleted machines.
We create a GPO to turn off tamper protection as follows
At the Domain controller machine. Create GPO applied to 2 computers that need to be fixed.
We edit the policy and select run Startup Scripts
Sript has Parameters as follows
Script name is the local file path of the computer
C:\Program Files\Sophos\Endpoint Defense\SEDcli
Script parameter is the parameter to turn off tamper protection and then the Password of PC1
Similarly create a script to turn off tamper protection for PC2 with the password tamper of PC2
After applying, we proceed the Policy on the machines
The policy will be dumped on the client computers and when restarted, the client will run a command to turn off tamper protection.
We can check at each machine by opening the endpoint and if the setting appears as follows, we have successfully turned off tamper protection.
3.2 Implement reinstall Sophos Endpoint using GPO
To bring the two above devices back to central we need to reinstall the Sophos endpoint
We follow the instructions of the following article to install Sophos Endpoint using GPO
Install using GPO
3.3 Check the results
After successfully reinstalling on the machines, we access the Central page to see if our devices are back or not.
So we got the device back on Central. Good luck