
Enterprise console4.5/client9.5 - all PCs greyed out and won't report back, Help please!!

I had to reinstall the console and it assigned itself a new certificate which was different to all the certificates on the existing clients. (I was unable to back up.) When I reprotected the clients from the new console it does not automatically dish out a new certificate.

How do I distribute the new certificate?

Note: We have far too many computers to reinstall Sophos on. Plus many remote users :(

Cheers



  • Hi,

    Glad it's OK and the steps work. I'm a little confused on how it can be delivered though based on your comment. Are you saying that for some of the machines that need to be reset, they may not have access to a share where the script can reside, so you would email them a script or send it through some other method?
    If the machines are managed and presumably update from the CID on the server, can't the script and files required be hosted there also?
    Do the clients update using UNC/HTTP?
    Is it an AD environment they log into? A system start-up script would be a good method as it would run as SYSTEM, which would have access to all the required parts of the registry. A non-admin would not be able to run the script to recover the machine. Also, as they log in and the script is run, you would hope they would have access to the network and therefore the script and files. Unless they log in using a cached login for a high percentage of the time so the network is unavailable? But then how do they get updates?
    I assume they update from one of your distribution points rather than Sophos?
    I can imagine either:
    1. the script file (probably .vbs or could just be a batch file) would be hosted in a share, probably the CID to keep everything together, e.g.:
    "\\Server\SophosUpdate\ReInitRMS.vbs" or "\\Server\SophosUpdate\ReInitRMS.cmd"
    The 2 files required by the script are:
    \\Server\SophosUpdate\CIDs\S000\SAVSCFXP\cac.pem
    \\Server\SophosUpdate\CIDs\S000\SAVSCFXP\mrinit.conf
    These should already be accessible by the script, so the script could just copy down the files in the same way that setup.exe copied down the 2 files when the machine was originally protected.
    If you had to make a single script file it is possible. You could declare the contents of cac.pem and mrinit.conf as variables within the script (as they are just text) and the script could essentially create the files from the variables as one of the first steps. But I don't really see the benefit of this as the files could just be copied by the script from the share. Even if it was a web-hosted distribution point, the script could still grab the files cac.pem and mrinit.conf using Msxml2.XMLHTTP if it was a VBScript, for example.
    I'm trying to imagine a scenario where these machines are able to update and RMS is able to work where there isn't access to a central location to run a script and copy down the 2 files as this would make the script very easy.
    I'd like to understand the environment constraints a little more as it dictates the language and complexity of the script quite a bit.  Also it would be worth knowing the OS of the machines that need to be reset just to ensure everything is available a script might rely on.
    Regards,
    Jak
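As an added illustration of the start-up script Jak sketches above (this is not code from the thread or from Sophos): it fetches cac.pem and mrinit.conf from either a UNC or a web-hosted distribution point, then pins the CA certificate's thumbprint before staging the files, so a stale or tampered cac.pem on the share is refused rather than pushed to every client. The `$Source` default is the path quoted in the post; `$Dest`, `$ExpectedThumbprint` and the assumption that cac.pem is a PEM-encoded X.509 certificate are placeholders/assumptions, and the vendor step that re-registers RMS with the staged files is not on this page and is not shown.

```powershell
# Added example, not from the thread. Assumptions: $Dest is a placeholder staging
# folder, $ExpectedThumbprint must be set to the new console CA's SHA-1 thumbprint,
# and cac.pem is assumed to be a PEM-encoded X.509 certificate.
param(
    [string]$Source = '\\Server\SophosUpdate\CIDs\S000\SAVSCFXP',   # UNC base or http(s)://.../SAVSCFXP
    [string]$Dest   = "$env:ProgramData\ReInitRMS\staging",         # placeholder staging folder
    [string]$ExpectedThumbprint = 'REPLACE-WITH-SHA1-THUMBPRINT-OF-NEW-CONSOLE-CA'
)
$ErrorActionPreference = 'Stop'
$files = 'cac.pem', 'mrinit.conf'
New-Item -ItemType Directory -Path $Dest -Force | Out-Null

foreach ($f in $files) {
    $target = Join-Path $Dest $f
    if ($Source -match '^https?://') {
        # Web-hosted CID: the PowerShell equivalent of Msxml2.XMLHTTP in VBScript
        Invoke-WebRequest -Uri "$Source/$f" -OutFile $target -UseBasicParsing
    } else {
        # UNC share: plain copy, as setup.exe did when the machine was first protected
        Copy-Item -Path (Join-Path $Source $f) -Destination $target -Force
    }
    if ((Get-Item $target).Length -eq 0) { throw "$f is empty after copy from $Source" }
}

# Parse the first certificate in cac.pem and compare its thumbprint to the pinned
# value; abort (and discard the staged files) on mismatch so nothing on the client
# is changed based on an untrusted CA file.
$pem   = Get-Content (Join-Path $Dest 'cac.pem') -Raw
$match = [regex]::Match($pem, '-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----', 'Singleline')
if (-not $match.Success) { throw 'cac.pem does not contain a PEM certificate block' }
$der  = [Convert]::FromBase64String(($match.Groups[1].Value -replace '\s', ''))
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
if ($cert.Thumbprint -ne $ExpectedThumbprint.ToUpperInvariant()) {
    Remove-Item -Path $Dest -Recurse -Force
    throw "cac.pem thumbprint $($cert.Thumbprint) does not match the pinned value; aborting"
}
Write-Output "Staged $($files -join ', ') in $Dest (CA subject: $($cert.Subject), expires $($cert.NotAfter))"
# Next step (vendor-specific, not shown here): re-initialise RMS using the staged files.
```

Run it as a computer start-up script so it executes as SYSTEM; deploying the pinned thumbprint with the script means the check cannot be bypassed by simply replacing cac.pem on the share.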