Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 3767 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deploying Endpoint Security and Control through Active Directory group policy

moramoga

Hi everyone,

I have to install sophos endpoint seciruty in 1300 PC's for a huge project. I found out this link on the website but is was made 6 years ago, does anyone know if this works? Does it works for Vista and 7 also?

http://www.sophos.com/support/knowledgebase/article/13090.html

Thanks.

:16241


This thread was automatically locked due to age.
  • 0

    HI,

    That should be fine as it's essentially just instructions on how to create a startup script in AD to run a batch file.

    I would suggest familiarize yourself with the switches to setup.exe by reading:

    http://www.sophos.com/support/knowledgebase/article/12570.html

    I then always suggest that the easiest way to get a deployment string is to protect a machine from SEC, whilst monitoring the scheduled tasks on the client, as soon as the Sophos scheduled task is created to perform the install copy the command being run.  This string can then form the basis (if not the entire string as you would want it) of the command.  It saves you having to use the command line tool obfuscationutil to obfuscate the username and password values.

    Checking for the presence of ALSVC.exe is a simple check to see if SAV is installed and should be sufficient at least for the initial rollout.  

    Regards,

    Jak 

    :16243
  • 0

    I can confirm that it does still work, even for Vista and Windows 7 PCs - I have it running on our domain automatically installing to any new domain-joined PCs.  The article was last updated earlier this year, although that may have been just to add the bit about version 9.5.

    :16267
  • 0

    Thanks RBGE,

    Will this script automatically installs SAV or still requires user to have some interaction with the installation? Like choosing to install firewall for example.

    Sergio

    :16275
  • 0

    It will install whatever you like in the way you want it, you just need to adjust the switches to your liking as per:

    http://www.sophos.com/support/knowledgebase/article/12570.html

    By default it requires no user interaction.  If will install the firewall if -scf is included as a parameter.

    Regards,

    Jak

    :16277
  • 0

    Hi Jak,

    thanks a lot for your quick reply! I was kinda scared because using the wizard installation from the console requires a lot of stuff to do like turning off windows firewall and stuff like that that is a little tedious to do.

    Sergio

    :16279
  • 0

    No problem.  It does seem to be getting harder with the new operating systems "out of the box" security measures to perform administrative tasks on them without modifying a number of settings.

    I suppose if you've already got management of the machine through some other means, in this case AD, you may as well leverage that as the deployment method.

    Cheers,

    Jak

    :16285
  • 0

    ok cool after some work on my Vmachines is working perfectly, one question, do you suggest to use it as a startup script or as a log on script? or it dosent matter, what do you think?

    :16329
  • 0

    Hi,

    Well it needs to run with administrative rights. If all your users are admins, you could choose log on scripts but it's safer to choose startup scripts as these will always run with sufficient privileges.

    Regards,

    Jak

    :16341