Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1253 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

install when it comes online

q16marvin

hi,

i add 50 computers, most of them are offline so i get after some seconds an error. why do the sophos enterprise console dont try to install it when the client comes online? i have to make right click and "protect" again and again until all clients are installed.

thx!

:43421


This thread was automatically locked due to age.
  • 0

    Hi,

    As deployment from SEC just runs setup.exe from the deployment CID with a few switches (detailed here: http://www.sophos.com/en-us/support/knowledgebase/12570.aspx) there are plenty of way to deploy outside of using SEC.

    I always suggest the easiest way is to deploy using SEC to a sample client whilst watching the scheduled tasks on the target client.  As soon as the Sophos install task is created, look at the properties to see the switches used.  This will give you an obfuscated username and password without having to use the obfuscationutil tool.

    If you have AD, I would suggest an AD startup-script.  http://www.sophos.com/en-us/support/knowledgebase/13090.aspx has some general steps. This will ensure machines without SAV will get installed the next time they startup.

    Regards,

    Jak

    :43429
  • 0

    Hello q16marvin,

    first - has your issue with AD sync been resolved?

    when the client comes online

    the crucial point is - how can or should SEC determine that a client came online? As clients don't simply just appear out of nowhere it is assumed that you usually either deploy Sophos already as part of the (post-)installation (as Jak has pointed out) or that there is some window during which you can successfully use Protect Computers. Otherwise it is always trial and error to a certain extent.

    Of course it'd be convenient to have the install attempted (probably only once) at the first opportunity - positive thinking says it will work in the majority of cases and thus be a benefit - but it's not the most reliable way (and more likely so in circumstances where you feel you need this feature). Implementing this feature would require an extra "watchdog" - you can't piggy-back it on existing features - and it'd be quite a feat to make it efficient and robust in all cases. 

    Now you could argue, if a check-for-online would be to complex or costly,  that a simple retry-until-succeeded would do. This procedure was part of AD sync with automatic protection in a Beta but never made it into the final release - there is since then only one attempt.

    Christian

    :43433