Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1314 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Shh-Updater on Workgroup PC's

apeeler

Unfortunately my network of about 1000 PC's is not set up through Active Directory. We only use AD to sync or email. We are set up as workgroup locations. I cant deploy the FixIssues.exe file because of this. I cant set up a group policy from AD like everyone recommends. I have been waiting on a call back from an engineer for a full week now. Our problem is not solved and i dont' even know where to begin.

I do NOT have the time to issue the Fixissues.exe fix on each individual PC.

:33709


This thread was automatically locked due to age.
  • 0

    Hi,

    I like a challenge so lets see what can be done here.

    Perhaps the most important is, if the users run the "FixIssues" tool (http://downloads.sophos.com/tools/FixIssues.exe) does it fix them?  

    • What issues do they have or do you not really know?
    • How do you know they are broken, people call you?  
    • Do you have the management console of Sophos that shows they are broken?
    • Is AutoUpdate broken?  
    • Were files moved or deleted?  What options were set?
    • Is the problem software other than Sophos on the computers is broken?
    • What does the "FixIssues" tool need to fix on a typical broken client?

    If the tool would fix it....

    • If the computers are in one or more workgroups, with a variety of admin accounts. A central push is going to be tricky, if you add firewalls to that, it's a tall order and doesn't sound possible.  At least not the majority of affected computers.
    • Maybe if you have a range or ranges of IPs, you could try and access them, to drop the tool on them to run it in someway.  Are they on a LAN? Are they on most of the time or a large percentage of them?
    • I assume there is no "agent" on the client to assist with deployment of packages, essentially you have no means of contacting/issuing commands to these computers remotely?

    If both points above are true, the clients need to essentially pull the "fix", either through existing software on the computers or you could influence users do it.

    I'll start with engaing the end user as this probably has fewer options:

    1. If all the users access a central portal, like a intranet home page, would it be possible to put up an obvious message asking them to download and run the tool.  If they are local admins that is useful in this scenario.
    2. Do you have an email group or email addresses you can email them and ask them to run the tool?  I can appreciate that email might look rather fishy to the end user but maybe this is an option.

    Other than asking the users to run it on your behalf, the other option is to leverage other software on the computers to do it.  Is there a common set of applicaitons on these computers?  Any other software that updates from something you control centrally?

    If Sophos AutoUpdate is working and they update from a location you maintain, we could leverage the before and afterscript functionallity in Sophos to run the tool but that would require AutoUpdate to work and if they update from Sophos that is no use.  This again depends on what is broken.

    Regards,

    Jak

    :33717
  • 0

    To add to Jak's reply (I'd be interested in those answers)...if local users can't be used to run the tool....

    Can you tell us more about how you normally deploy packages (.exe or .vbs) to workstations?

    We have already produced the following articles to cover methods that can be used to deploy the FixIssues tool across a network:

    • Enterprise Console, see article 118351
    • PsExec, see article 118337
    • Active Directory Group Policy (GPO), see article 118338

    ...maybe we're in need of fourth type?

    :33719