Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 11 subscribers
  • Views 27664 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

deploy Endpoint Protection via group policy without enterprise console

BastianMüller1

Hi,

i want to deploy Endpoint Protection in my network.

I followed the KB 119265, 120611 and 13090.

But in 13090 i need enterprise console wich i have not licensed. also i dont know wat is meant with "The subscription folder number (shown as 'Sxxx' in the script below) should be changed to your associated subscription number." where do i get this subsription number? or is this a enterprise console setting?

I use Sophos central.

is there a tutorial how to deploay via active directory without enterprise console?

thanks



This thread was automatically locked due to age.
Parents
  • +1

    https://community.sophos.com/kb/en-us/119265 links to https://community.sophos.com/kb/en-us/120611 and this has an example batch file to run SophosInstall.exe -q on machines.  It tests if mcsclient.exe exists as a quick marker to save running it each time.

    @echo off
    SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
    IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
    IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
    exit /b 0

    :X86_PROG
    IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL
    exit /b 0

    :INSTALL
    pushd \\servername\share
    SophosInstall.exe -q
    Popd

    So you create your batch file , e.g sophos,bat and put sophosinstall.exe in a shared location on the network. E.g. 

    \\server\share\sophos.bat
    \\server\share\Sophosinstall.exe

    https://community.sophos.com/kb/en-us/13090 is then provided as an overview on how to run a batch file using a startup script.

    Regards,

    Jak

  • 0 in reply to jak

    Thanks Jak.  I have the script working, but I can't get it to deploy through AD.  I have a Sophos OU with AD security groups in it as described here:

    http://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/

    I have a Sophos Deployment GPO setup with Security filtering set to the Sophos security group.

    When I do gpupdate /force on the end user's computer that I'm testing, the policy isn't deployed.  I've rebooted the end user's computer a few times as I keep testing, but I can't seem to get the policy to deploy.  Up until now, all my GPO have been applied to computer groups.  Since I sync Sophos using AD Sync using security groups, I want Sophos to be deployed using these same security groups (for ease of deployment/management).

    Any thoughts on what I'm missing?

    Thanks,

    Jon

     

Reply
  • 0 in reply to jak

    Thanks Jak.  I have the script working, but I can't get it to deploy through AD.  I have a Sophos OU with AD security groups in it as described here:

    http://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/

    I have a Sophos Deployment GPO setup with Security filtering set to the Sophos security group.

    When I do gpupdate /force on the end user's computer that I'm testing, the policy isn't deployed.  I've rebooted the end user's computer a few times as I keep testing, but I can't seem to get the policy to deploy.  Up until now, all my GPO have been applied to computer groups.  Since I sync Sophos using AD Sync using security groups, I want Sophos to be deployed using these same security groups (for ease of deployment/management).

    Any thoughts on what I'm missing?

    Thanks,

    Jon

     

Children
Unfiltered HTML