With the security on Windows devices improving natively, things are a little more difficult now to push applications out to the desktop – this is something that should be welcomed, but at the same time makes installation of products like Sophos Antivirus a little more difficult to deploy via the Enterprise Manager.
There are some pre-requisite steps that now need to be taken prior to deployment:
1) Allow traffic to the SBS Server from the LAN.
netsh firewall add portopening TCP 8192 “Sophos”
netsh firewall add portopening TCP 8193 “Sophos”
netsh firewall add portopening TCP 8194 “Sophos”
netsh firewall add portopening TCP 8081 “Sophos quarantine digest”
2) Open up Group Policy and edit the Domain Group Policy ->Computer Config->Windows Settings ->Security Settings->System Services. Ensure that:
Remote Registry: Automatic
Computer browser: Automatic
3) Allow traffic on the workstations…. Computer Config > Administrative Templates > network > Network Connections > Windows Firewall > Domain Profile
You should then be able to assign the machines to groups within the Enterprise Console