
This solution is not acceptable

I work in a School District that is extremely understaffed. We have 3000+ computers and 1 person to work on tech problems and one person to manage the network. Up until this year we ran Sophos as standalone on all machines but set up the console and have managed to get 350 machines in the console. That still leaves 2700+ computers running Sophos standalone. This screw up has affected the large majority of our computers and you expect us to somehow go out and touch every one of these machines? That would take our department probably a year to do. I need to know the best ideas of what can be done to fix this. We cannot be without updated antivirus for long. I need suggestions quick because I have people to answer to.

:32263


  • And one more thing, we don't have Active Directory either!

    :32269
  • Which solution is unacceptable?

    If you are referring to the one I posted, then don't use it.  I do not work for Sophos.  I posted it because it was a workaround that works, albeit a little time intensive.  You could use C$ shares and a PXE server/PXE boot to push the folder out to your clients, then Group Policy to reinstall.

    You don't have AD in a network of 3000 computers?  What is your domain running on?

    :32295
  • Ditto to what dnastar asked, if you have that many endpoints what is your domain running?

    I can say that out of all the suggestions posted there is no silver bullet which is going to resolve this because everyone's environment is different and the outcomes of this debacle vary.

    :32303
  • Hi Hudson,

    Ok, going to make a few assumptions here for you in this situation. Firstly, can we assume that the 2700 odd machines have access to a file share somewhere or an intranet site? Do the users have administrative rights to their PCs (if there's no domain/Active Directory, I'm assuming they probably do)? If so, you could create a script along the lines of:

    net stop "Sophos Anti-Virus"

    net start "Sophos Autoupdate Service"

    "%programfiles%\sophos\autoupdate\almon.exe"

    Email them and get them to download and run the script. When run, the shield should appear again so ask them then to right-click the Sophos shield and 'update now'. When it's updated, reboot and you should be good to go again. That should fix the majority but then there'll be the ones that have 'deleted' their quarantine items. For those you'll need to download and script replacement of the missing files à la:

    stop sophos av, copy missing files, start au service, run almon and 'update' then reboot.

    I'm sure there's some decent scripter out there who could improve this but the rough 3 liners above should work for the majority at least,

    Matt

    :32315
  • It's just a workgroup environment. School district never could afford the licensing and hardware to set up AD. The point is we are completely screwed is what it sounds like to me.

    :32317
  • MawfTech, thanks for your response. There was a time in the past where delete was the option that was set. I would say the vast majority of our computers are set up as delete. Knowing that, what suggestions might you have?

    :32319
  • I have an FTP site set up that anyone can access. So if there is a batch file or something that I could get that could be run on all machines then that is an option. The breakdown is probably something like 2000+ machines as standalone running with delete under on access, 500 set to deny access, 500 set to deny access and move, and 350 in console.

    :32327
  • Do you have a standardized naming convention for the machines and a full list of them?  Does the admin account have the same password on all the standalone machines?  These are important in writing a batch or vbs file...

    I think Sophos needs to release a versatile fix for this issue.  It will sink them if it hasn't already.  We are going to be looking at other options...

    :32345
  • Going to be a tough one to crack, Hudson. If you've got access to a network share somewhere that all the machines could access then something like:

    net stop "Sophos Anti-Virus"

    xcopy \\server\sharename\folderwithfiles\*.* "%programfiles%\sophos\autoupdate" /y

    net start "Sophos Autoupdate Service"

    "%programfiles%\sophos\autoupdate\almon.exe"

    You'll need the missing deleted files which from memory are:

    almon.exe

    alupdate.exe

    cidsync.dll

    iconfig.ppi

    You can get these from a working machine. Without a network share, scripting this is going to be real tough!

    Start with the original script though and hopefully you'll crack a lot straight away then you can concentrate on the fewer quantity left.

    If Sophos support are listening in, really they should chime in here and help out. No good burying your head in the sand, these are real people with real problems!

    Matt

    :32365
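
The two scripts suggested above can be combined into one that restores only the files that are actually missing and leaves a log behind. This is an added example, not code from any poster or from Sophos; the share path and log file name are hypothetical, while the service names, install path and file list are the ones given in the posts. It assumes the user running it has administrative rights.

```batch
@echo off
rem Added example (not from the thread): restore only the missing AutoUpdate
rem files, then restart the services in the order described in the posts.
rem SRC is a hypothetical share holding files taken from a working machine.
setlocal enabledelayedexpansion
set "SRC=\\server\sharename\folderwithfiles"
set "DST=%ProgramFiles%\Sophos\AutoUpdate"
set "LOG=%TEMP%\sophos_repair.log"
set /a RESTORED=0, FAILED=0

echo %DATE% %TIME% %COMPUTERNAME% starting repair > "%LOG%"

rem Stop early if either end of the copy is not where we expect it.
if not exist "%SRC%\" (
    echo source share not reachable >> "%LOG%"
    exit /b 2
)
if not exist "%DST%\" (
    echo AutoUpdate folder not found >> "%LOG%"
    exit /b 2
)

net stop "Sophos Anti-Virus" >> "%LOG%" 2>&1

for %%F in (almon.exe alupdate.exe cidsync.dll iconfig.ppi) do (
    if exist "%DST%\%%F" (
        echo present: %%F >> "%LOG%"
    ) else (
        copy /y "%SRC%\%%F" "%DST%\" >> "%LOG%" 2>&1
        if exist "%DST%\%%F" (
            echo restored: %%F >> "%LOG%"
            set /a RESTORED+=1
        ) else (
            echo FAILED: %%F >> "%LOG%"
            set /a FAILED+=1
        )
    )
)

net start "Sophos Autoupdate Service" >> "%LOG%" 2>&1

if !FAILED! gtr 0 exit /b 1

rem Launch the tray monitor without blocking the script.
start "" "%DST%\almon.exe"
echo restored !RESTORED! files, repair finished >> "%LOG%"
exit /b 0
```

The 'update now' click and the reboot described above still follow once the shield reappears. Keep the share read-only for clients, since these binaries are copied into the antivirus install directory and run from there.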
  • "Do you have a standardized naming convention for the machines and a full list of them?  Does the admin account have the same password on all the standalone machines?  These are important in writing a batch or vbs file...

    I think Sophos needs to release a versatile fix for this issue.  It will sink them if it hasn't already.  We are going to be looking at other options..."

    No to standardized naming convention. I can look in DHCP of each School and see names but most don't have matching names. Admin account is not the same on all machines. Each user is the Administrator of their machines. This is worse than any virus infection (scribble included) I have ever seen.

    :32377