Recently I have been doing a lot of movements of server roles, one of those was changing our DCs to newer servers that will be pure best practice based (nothing else on them other than AD/DNS/File Storage). One of the old server however had the Sophos Enterprise Console (v4.7 for anyone who is keeping count) on and after removing AD DS from the server I was getting the following error when trying to get to the Sophos Enterprise Console-

Cannot open Sophos Enterprise Console

The user “DOMAIN\Administrator” is not assigned to any sub-estates. You must be a member of at least one sub-estate to run this console.

Contact your Administrator to resolve this issue.

Upon inspection (in Server Manager > Configuration > Local Users and Groups) it appeared that the user group Sophos Full Administrators no longer existed.

The simple solution is to create a new group (called Sophos Full Administrators) and assign your Administrative account to it, the screen shots below show this in a little more detail.

VN:F [1.9.22_1171]
Thumbs up if this article helped you :)
Rating: +3 (from 3 votes)
Sophos Enterprise Console - You must be a member of at least one sub-estate to run this console, 100% based on 3 ratings

2 Responses to Sophos Enterprise Console – You must be a member of at least one sub-estate to run this console

  • Michael Fix says:

    had previously ran some Windows updates, don’t know what caused the permission change but when I added the “Sophos Full Administrators” to Domain Admins everything worked again. Thanks for your posting!!!

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>