Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 1 subscriber
  • Views 18517 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Package for standalone AV

Jvuz

Hello,

we have some machines that are not connected to our network. For those pc's, notebooks I can install the standalone version, but you need to give in username and password. Is there a way to create a package where you can set the username and password to dowload the updates from the sophos site, so that when you want to install it on a machine, you just need to run that package and it will be installed without giving in the username and password.

Jo

:15873


This thread was automatically locked due to age.
  • 0

    HI,

    There are a couple of options:

    http://www.sophos.com/support/knowledgebase/article/67504.html
    which essentially uses sauconfi.xml but you have to use ExportPrivateStore.exe to create the XML and then edit it.

    Another approach which you might find easier is to bundle up a distribution location/CID.  You would call the install using the switches to setup.exe:
    http://www.sophos.com/support/knowledgebase/article/12570.html

    From a working "template" machine, that is configured correctly, take a copy of the iconn.cfg file from the machine as this essentially defines the update policy.  You could then overwrite the "un-configured" file.

    To wrap it all up, you could create an SFX from the CID + the configured iconn.cfg file.  Then the SFX would run a script, e.g. a batch file to call setup.exe with the necessary switches and finally copy over the configured iconn.cfg.

    As a slight change to the second option, rather than just copying over the file, it's possible to use the SAU API to change the config, so if the script run by the SFX was something like VBScript you could do it from that:

    http://www.sophos.com/support/knowledgebase/article/36262.html
    has a few ideas.  

    That last link also gives an example of how to call an update at the end of the install.  Otherwise, if you go for a more simple approach using a batch, file, restarting the AutoUpdate Service will kill off an update within 5 mins. 

    Hope it helps and gives you some ideas of potential routes to take,

    Regards,

    Jak
     

    :15875
  • 0

    Thanks a lot already. I found this in the url for using the parameters:

    The Setup.exe file in the update location can be used with command line parameters.   The Setup.exe file version that comes with the standalone installer package of Sophos Endpoint Security does not support extra parameters.

    So I'm a bit stuck I'm afraid. :(

    Jo

    :15879
  • 0

    That's right, you have to use SEC+SUM to create you a distribution point, the setup.exe in the location that generates does.  You have to use this as the source of your package not the standalone installer.  The standalone installer version is not meant to be used to automate installs.

    Regards,

    Jak

    :15901
  • 0

    I'm going for the use of parameters. The only thing is, you can use the -updp <path> parameter for the location of the primary CID from where the computer will get its updates, but if it's Sophos itself, how do I need to set the parameter?

    Jo

    :15913
  • 0

    Hello Jo,

    the path is simply Sophos. Please note that the credentials are just obfuscated and thus not "totally secure".

    Christian

    :15929
  • 0

    I know, but my goal is to create a package using the ocs packager, where you can add parameters and the user just sees the exe file that has been created and just needs to run that.

    Jo

    :15933
  • 0

    I'm going for this one http://www.sophos.com/support/knowledgebase/article/67504.html , but before I'll start I need to create some policies. So I started to create a second update policy, but when I want to change the address for the primary server and I put sophos and click OK, I'm getting the following message: The primary server address is not in the correct format for either a UNC file share or a web address

    How do I need to fill this in?

    Jo

    :15949
  • 0

    Hello Jo,

    Sophos is not permitted as Primary for managed PCs (it's kind of reminder for the license T&C). Basically you have to configure Sophos as Secondary and after exporting the policy you have two options:

    1. Leave it as it is, the clients will first attempt the Primary and then fall back to Sophos as secondary. It introduces a small delay (and logs the errors of course) but has otherwise no ill effects
    2. Edit sauconf.xml to make Sophos the Primary (it is pretty straightforward)

    You should use -mng no on setup.exe (you probably have it in mind anyway) as you don't need RMS and it can't be downloaded from Sophos (and would result in download errors).

    Also the minimum interval is 60 minutes for downloading from Sophos so you should configure the schedule accordingly. 

    Christian

    :15951
  • 0

    Hello,

    thank you for your help. The problem I'm having now is that I cannot find the exportconfig.exe file in the tools folder. Is there a way to download this and configcid.exe?

    Jo

    :15987
  • 0

    Hello,

    in the meantime I have found both files. I'm having a look for the parameters. I'll keep you posted.

    Jo

    :15993