Deploying Endpoint Security and Control through Active Directory group policy

HI,

That should be fine as it's essentially just instructions on how to create a startup script in AD to run a batch file.

I would suggest familiarize yourself with the switches to setup.exe by reading:

http://www.sophos.com/support/knowledgebase/article/12570.html

I then always suggest that the easiest way to get a deployment string is to protect a machine from SEC, whilst monitoring the scheduled tasks on the client, as soon as the Sophos scheduled task is created to perform the install copy the command being run.  This string can then form the basis (if not the entire string as you would want it) of the command.  It saves you having to use the command line tool obfuscationutil to obfuscate the username and password values.

Checking for the presence of ALSVC.exe is a simple check to see if SAV is installed and should be sufficient at least for the initial rollout.  

Regards,

Jak 

HI,

That should be fine as it's essentially just instructions on how to create a startup script in AD to run a batch file.

I would suggest familiarize yourself with the switches to setup.exe by reading:

http://www.sophos.com/support/knowledgebase/article/12570.html

I then always suggest that the easiest way to get a deployment string is to protect a machine from SEC, whilst monitoring the scheduled tasks on the client, as soon as the Sophos scheduled task is created to perform the install copy the command being run.  This string can then form the basis (if not the entire string as you would want it) of the command.  It saves you having to use the command line tool obfuscationutil to obfuscate the username and password values.

Checking for the presence of ALSVC.exe is a simple check to see if SAV is installed and should be sufficient at least for the initial rollout.  

Regards,

Jak