good evening,
for the last 15+ years we have happly used the older sophos AV product, this had the natty little option to update from a local server in the first instant and sophos in the second.
we seam to have hit a wall with this new version, firstly the resolution provided for sophos central at present works great if the machine is only ever going to be going out via the "schools" proxied network. but and this is the big but.. Shock horror teachers use their laptops at home! every night and weekends and over the holidays.
as i understand it and please feel free to correct me, but this would mean when they are away from the schools home network, sophos stops working as its trying to find a proxy.
the instructions below are that of support team for about 20 other schools all using sophos are as below but with the major bit which we cant swollow as its just nuts to think its ok to leave a machine unprotected!
"Hi
What To Do
Ensure that the user account running SophosInstall.exe can access the locations mentioned in the log file.
Note: If SophosInstall.exe is running in the SYSTEM account context, e.g. where deploying through Group Policy start-up scripts; ensure that the SYSTEM user account can access the Internet.
If you are using a proxy server, consider the following option:
1. On the computer you wish to configure, open a command prompt and run as the Administrator (Start | Run | Type: cmd.exe | Right Click | Run as Administrator).
2. Enter the following:
o 32-bit:
o netsh winhttp set proxy proxy-server="http=your_proxy_server:your_proxy_port;https=your_proxy_server:your_proxy_port"
o 64-bit:
o cd C:\Windows\SysWOW64 [press enter]
o netsh winhttp set proxy proxy-server="http=your_proxy_server:your_proxy_port;https=your_proxy_server:your_proxy_port"
o Note: Replace 'your_proxy_server' and 'your_proxy_port' with your proxy configuration.
3. Once configured attempt another installation by re-running SophosInstall.exe
the roll out script see below to automate the install of sophos from a GPO.
@echo off
SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0
:X86_PROG
IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0
:INSTALL
pushd \\10.112.96.2\Public\Sophos
SophosInstall.exe -q
Popd
and also heard that using a proxy pac file can help in having the machine point to a proxy or not when its away from school but how can i change the settings which you are saying to set up in command prompt which i would roll out via GPO?
currently this is affecting 200 machines on 1 site and 80 on a second.
it needs to updating in school and at home. simple no ifs or buts, sophos did it before it should be able to do it again and cant believe they have got it so messed up that its not as simple as before.
many thanks
andy
This thread was automatically locked due to age.
