Remotely re-installing Sophos endpoint

Hi 

I wonder if anyone can help me. Over the past 6 months I have been struggling to resolve endpoints that are unmanaged but have Sophos installed and are updating. Unfortunately my job isn't to fix problems but to flag them up for another team to resolve. I have now gotten to the point of just fixing it myself.

At the start there must have been in excess of 100+ unmanaged hosts, which were missing the RMS component of Sophos, most likely due to an incorrect image being used for new desktops/laptops. I have managed to resolve approx. 50 hosts by using the protect feature in SEC, which reinstalled Sophos, and the hosts appeared in SEC.

The remaining hosts are laptops, which are running XP but the remote protect feature doesn't appear to work. I can see the scheduled task being created and the configuration of the hosts is no different to that of the previous 50 hosts I have resolved. 

Can anyone point me in a direction on how to resolve this issue? Is there any way of just reinstalling the RMS component remotely?

  • Hi,

    As you say, when you protect a machine in SEC, the Sophos Management Service (on the management server machine) creates the scheduled task on the remote machine to run setup.exe from the deployment share.  There are a number of switches passed to setup.exe (a full list can be found here: http://www.sophos.com/support/knowledgebase/article/12570.html ).  The management service constructs the command based on the subscription and SEC group, from which it takes its updating policy. 

    If you monitor the scheduled tasks on the client when you deploy to it, you can look at the properties of the Sophos install task and view the exact command line being run.  It might be worth you checking that the paths in there are correct.  This command is possibly worth saving for the future.

    In terms of how RMS works, the following post:

    http://community.sophos.com/t5/Sophos-Endpoint-Protection/RMS-client-not-reporting/m-p/7881#M4142

    might be worth a read.

    Also I wrote a tool a while ago:

    http://community.sophos.com/t5/Sophos-Endpoint-Protection/Enterprise-console4-5-client9-5-all-PCs-greyed-out-and-won-t/m-p/8939#M4482

    that will generate a VBScript that can be run on clients to re-initialize them from an RMS point of view.  It was designed to help move clients from one SEC server to another but can be used to just re-initialize the machine in terms of RMS.

    You can run the HTA on any machine; you choose the correct cac.pem and mrinit.conf files from the distribution share.  This will generate a VBS file you can run on the client.  This will remove any existing config and certificates from the client and re-run ClientMRInit.exe to set it up again.

    You could deploy this remotely to the machine in a variety of ways, but it would need to run with administrative rights on the client machine.  If you need to run it on many machines I would opt for AD startup scripts; if it's just a handful you could use psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553 ), or possibly even remotely create a scheduled task on the remote machine to run it once.

    Hope it helps,

    Regards

    Jak
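
The check suggested in the reply above (read the install task's command line and confirm its paths), sketched as an added example that is not part of the original posts or any Sophos tooling. The server, share, host and task names are constructed placeholders, and the field names assume English-language `schtasks` output.

```powershell
# Added example. Server, share, host and task names are constructed placeholders.
# Field names assume English-language schtasks output.

function Get-TaskToRun {
    # Turn `schtasks /Query /FO LIST /V` text into TaskName / TaskToRun pairs.
    param([string[]]$Lines)
    $name = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*TaskName:\s*(.+)$') {
            $name = $Matches[1].Trim()
        } elseif ($line -match '^\s*Task To Run:\s*(.+)$') {
            New-Object PSObject -Property @{ TaskName = $name; TaskToRun = $Matches[1].Trim() }
        }
    }
}

function Get-SetupPath {
    # Pull the setup.exe path (quoted or not) off the front of a command line.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"?([^"]+?\\setup\.exe)') { return $Matches[1] }
    return $null
}

# Constructed sample of what the query returns for one client.
$sample = @'
HostName:      LAPTOP-EXAMPLE-01
TaskName:      ExampleInstallTask
Status:        Ready
Task To Run:   \\sec-server.example\DeployShare\setup.exe <switches elided>
HostName:      LAPTOP-EXAMPLE-01
TaskName:      SomeOtherTask
Task To Run:   C:\WINDOWS\system32\defrag.exe C:
'@ -split "`r?`n"

# Against a live client, replace $sample with:
#   $lines = & schtasks.exe /Query /S LAPTOP-EXAMPLE-01 /FO LIST /V
$lines = $sample

foreach ($task in Get-TaskToRun -Lines $lines) {
    $path = Get-SetupPath $task.TaskToRun
    if (-not $path) { continue }          # not a setup.exe task
    New-Object PSObject -Property @{
        Task        = $task.TaskName
        CommandLine = $task.TaskToRun     # worth saving, as the reply suggests
        SetupPath   = $path
        # Checked from this workstation, not from the client's own context.
        Reachable   = Test-Path -LiteralPath $path
    }
}
```

A path that is reachable from the admin workstation can still fail on the client if the account the task runs under cannot read the share, so treat `Reachable = False` as a definite problem and `True` as only a first check.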
