1 Situation
During use, we mistakenly deleted 2 devices from Sophos Central. Because tamper protection is still enabled on those computers, we cannot uninstall or reinstall the endpoint to bring the devices back to Central.
In this article, thegioifirewall shows how to fix this by turning off tamper protection on the devices using GPO and restoring the devices to Sophos Central.
2 Diagram
In this model, two Windows 10 machines have joined the domain and installed Sophos Endpoint. Server 2016 acts as a domain controller and deploys GPOs to Windows 10 machines.
Windows 10 machines have network access and access to Sophos Central.
3 Implementation steps
We proceed as follows:
- Create a GPO that turns off tamper protection on each device
- Reinstall Sophos Endpoint using GPO
- Check the result
3.1 Create a GPO with Tamper protection off
In Sophos Central, we retrieve the tamper protection passwords of the deleted machines from the following section:
Logs & Reports >> Recover Tamper Protection passwords
Save the passwords of the 2 deleted machines.
We create a GPO to turn off tamper protection as follows:
On the domain controller, create a GPO applied to the 2 computers that need to be fixed.
We edit the policy and select Startup Scripts.
The script has the following parameters.
Script name is the local path of the file on the computer:
C:\Program Files\Sophos\Endpoint Defense\SEDcli
Script parameter is the option that turns off tamper protection, followed by the tamper protection password of PC1:
-OverrideTPoff password
Similarly, create a script to turn off tamper protection for PC2 with the tamper protection password of PC2.
After creating the GPO, we apply the policy to the machines.
The policy is pushed to the client computers, and when a client restarts it runs the command that turns off tamper protection.
We can check on each machine by opening the endpoint; if the setting appears as follows, tamper protection has been turned off successfully.
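As an added example (not part of the original article and not Sophos code), the two per-machine scripts above can be combined into one PowerShell startup script that chooses the password by computer name and logs the result. The computer names PC1/PC2, the password placeholders and the log path are assumptions, and the -status option is assumed to be supported by the installed SEDcli version.

```powershell
# Added example: one startup script for both machines.
# Computer names, passwords and the log path below are placeholders/assumptions.
$SedCli  = 'C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe'
$LogFile = Join-Path $env:ProgramData 'tp-override.log'   # hypothetical log location

# Tamper protection passwords recovered from Sophos Central, keyed by computer name.
$Passwords = @{
    'PC1' = '<tamper-password-of-PC1>'
    'PC2' = '<tamper-password-of-PC2>'
}

function Write-Log([string]$Message) {
    # The password is never written to the log, only status and exit code.
    "{0} {1} {2}" -f (Get-Date -Format s), $env:COMPUTERNAME, $Message |
        Add-Content -Path $LogFile
}

function Get-TamperStatus {
    # Assumption: SEDcli prints a line such as "SED Tamper Protection is Enabled".
    (& $SedCli -status 2>&1 | Out-String).Trim()
}

if (-not (Test-Path -LiteralPath $SedCli)) {
    Write-Log 'SEDcli.exe not found; nothing to do.'
    return
}
if (-not $Passwords.ContainsKey($env:COMPUTERNAME)) {
    # Guards against the GPO being linked to machines it was not meant for.
    Write-Log 'Computer is not in the list; leaving tamper protection untouched.'
    return
}

$before = Get-TamperStatus
Write-Log "Status before: $before"
if ($before -match 'Disabled') { return }   # already off, do not run again

& $SedCli -OverrideTPoff $Passwords[$env:COMPUTERNAME] | Out-Null
Write-Log "SEDcli exit code: $LASTEXITCODE"
Write-Log "Status after: $(Get-TamperStatus)"
```

Startup scripts and their parameters are stored in SYSVOL, which every authenticated domain user can read, so unlink the GPO and delete the script as soon as both machines report tamper protection off.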
3.2 Reinstall Sophos Endpoint using GPO
To bring the two devices above back to Central, we need to reinstall Sophos Endpoint.
We follow the instructions in the following article to install Sophos Endpoint using GPO:
Install using GPO
3.3 Check the results
After successfully reinstalling on the machines, we access the Central page to check whether our devices are back.
So we got the devices back on Central. Good luck!