Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 8560 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint installation via Group Policy

paulage

Hi all,

I've tried using the Enterprise console for deploying the agent (using 'Protection') with no luck on multiple PCs

1) It's just not working. I'm also not able to disable UAC from our computers which could be the problem

2) When I attempt to deploy from console there is no 'status' of the running task. Am I missing an option here as I would assume that you would be able to see the status of any running tasks success/failure etc

Is there an option for me to package an installation? I.E. create the settings I want and deploy it using my software of choice (either Group Policy or Dell KACE will be used). This would seem to be the easiest option.

Thanks for your help

:25363


This thread was automatically locked due to age.
  • 0

    HI,

    I would suggest upgrading to SEC 5.1 if you haven't done so yet.  This changes the deployment method slightly which I'm sure will help you.

    Other options you have include:

    1. Running setup.exe from the CID with the necessary switches.  
    Details on setup.exe here: http://www.sophos.com/en-us/support/knowledgebase/12570.aspx

    This can be run from a startup script in AD where you check for a marker of Sophos to prevent it keep running at each startup.. Something like: http://www.sophos.com/en-us/support/knowledgebase/13090.aspx

    Note: if you protect a test machine from SEC, you can view the scheduled task properties to obtain a deployment string.

    2. If you really want to package up the install would be to use the deployment packager but this is more for remote installations.  http://www.sophos.com/en-us/support/knowledgebase/67504.aspx. The latest version is 1.2:

    https://secure.sophos.com/support/updates/dp/full/sdp_12_sfx.exe

    which has some nice options over 1.1 it seems.  I've just found it today!

    Regards,

    Jak  

    :25381
  • 0

    Thanks for the reply Jak,

    I can see that Consoe 5.1 removes the need for turning off UAC but you still need to enable the remote registry service which I'm not completely comfortable with.

    I found the command line switches which I created a batch file from.

    http://www.sophos.com/en-us/support/knowledgebase/12570.aspx

    The file runs and installs the client on my test machine. The updating fails though and when I right click on the tray icon the option 'Open Sophos End Security and Control' is greyed out. Have you come accross any similar problems before?

    Thanks for your help.

    The batch file (server name replaced):

    @ECHO OFF
     REM --- Check for an existing installation of Sophos AutoUpdate on 32-bit (the 'Sophos AutoUpdate Service' process)
     IF EXIST "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" goto _End
     REM --- Check for an existing installation of Sophos AutoUpdate on 64-bit (the 'Sophos AutoUpdate Service' process)
     IF EXIST "C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe" goto _End
     REM --- Check for an existing installation of Sophos Anti-Virus on 2003/XP (the SAV adapter config file)
     IF EXIST "C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End
     REM --- Check for an existing installation of Sophos Anti-Virus on Vista+ (the SAV adapter config file)
     IF EXIST "C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End
     REM --- Deploy to Windows 2000/XP/2003/Vista/Windows7/2008/2008-R2
     \\SERVER\SophosUpdate\CIDs\S000\SAVSCFXP\Setup.exe -updp "\\SERVER\SophosUpdate" -ouser BwjJTXqVrS1xW2IPxhBhHCRk4xRx2cCVnw4= -opwd BwgLQqg8DPgT3tnb4iu3ig/hXFZY1MtYPVE= -mng yes -scf - CRT -R -s
     REM --- End of the script
    pause
     :_End

    :25411
  • 0

    Hello paulage,

    first of all - even as they are obfuscated, don't publicly post credentials :smileywink:

    The -updp must specify the path down to the applicable CID folder (SAVSCFXP)

    Christian

    :25425
  • 0

    Thanks, I've got it working now.

    What I needed to change:

    1) under -updp include the CID folder like QCV suggested (SophosUpdate\CIDs\S000\SAVSCFXP)

    2) I missed a space in the -g switch

    3) I had to change the obfuscated username from *user* to *user@domain.com*

    Also, don't worry about the obfuscated password - I changed some of the characters before posting so it's just gibberish :smileyhappy:

    :26083