Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 25243 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Default group

sabdul

Hi All,

I'm trying to see if there is a way my computers can automatically goto a group I created in the Console instead of "Unassigned"

I followed these steps to prepare the image

How to prepare Endpoint Security and Control for inclusion in a disk image

Everything works fine. Sophos installs automatically after I deploy the image. The problem is that the new computer I image falls under "Unassigned Group" and I have to manually move that computer to the group I want.

New computer is not able to pickup the firewall Policy and because of it, I'm not able to join to the domain or browser to any local servers until I move it to group which has firewall policies applied. Is there a way to fix this issue or is there a better way to install Sophos Endpoint after I deploy the image?

Thanks

:56155


This thread was automatically locked due to age.
  • 0

    Hello sabdul,

    personally I'd install Sophos after the endpoint has been joined to the domain (and instead of preinstalling AutoUpdate deploy using a script, setup.exe lets you define the group). AFAIK the default firewall policy should enable you to connect to the domain services but it depends on your LAN topology.

    Anyway, what you are looking for is perhaps found in Moving a computer between groups in Enterprise Console from the endpoint.

    Christian

    :56161
  • 0

    Hi Christian,

    I'd like to deploy using a script but I only want to install this on windows 7 64bit machines and rest ignore. Will this script work below?

    @ECHO OFF

    REM --- Check for an existing installation of Sophos AutoUpdate on 64-bit (the 'Sophos AutoUpdate Service' process)
    IF EXIST "C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe" goto _End

    REM --- Deploy to Windows Windows7
    \\SERVER\SophosUpdate\CIDs\Sxxx\SAVSCFXP\Setup.exe -updp "\\SERVER\SophosUpdate\CIDs\Sxxx\SAVSCFXP" -user USER -pwd PWD -mng yes
    REM --- End of the script
    :_End

    :56648
  • 0

    Hello sabdul,

    Will this script work below?

    In principle, yes - if you make sure that the GPO is only applied to the Windows 7 64bit computers. But as far as I understand you want to install SCF as well and probably put them into a specific group, so please see Command line parameters used by Setup.exe. Note that you have to make sure that the endpoints communicate with SEC after installing SCF.

    Christian 

    :56662
  • 0

    This may sound stupid but how do I run this?

    For example : SETUP [-mng yes|no] [-scf] [-crt R] [-updp <path>] [-user <username>] [-pwd <password>] [-mngcfg <RMS config path>] [-compname <computername>] [-compdesc <computerdescription>] [-domain <domainname>] [-G <groupname>] -s -ni 

    I filled in all the info and ran it on a new computer joined to the domain through CMD, I get an error, "The system cannot find the path specified." I'm just trying to test it through cmd to see if it works.

    :56685
  • 0

    Hello sabdul,

    The system cannot find the path specified

    You ran the script from a CMD window? The share \\SERVER\SophosUpdate\CIDs\Sxxx\SAVSCFXP\ must be at least readable by the user running the script (in case of a computer script which runs as system the computer account).

    Christian

    :56694
  • 0

    Yes I ran in CMD window. If I browse to my the \\ServerName\SophosUpdate\CIDs\S000\SAVSCFXP\ I can browse to it without a problem. So I do have access to it. That's not the issue.

    I run CMD as Administrator.

    This is what I copy paste in CMD.

    SETUP -mng yes -scf -patch http://servername -crt R -updp \\servername\SophosUpdate\CIDs\S000\SAVSCFXP\ -ouser <domainname\SophosUpdateMgr> -ouser KLFJdklhfdjustmadethisup== -opwd KLFJdklhfdjustmadethisupVA== -G \servername\Workstation -S NO -Ni Yes

    And I get an error

    "The system cannot find the path specified."

    :56698
  • 0

    Hello sabdul,

    what is your working directory or do you prefix SETUP with the path to the CID? You're running as Domain Administrator, aren't you?

    Christian

    :56699
  • 0

    This is exactly what I do.

    2015-04-15_10-24-07.jpg

    :56702
  • 0
    Hello sabdul,

    this SETUP isn't the one you want, you're running from system32 and this definitely won't pick up the setup.exe from the CID. Specify the command like you wrote the -updp - but remove setup.exe from this parameter.

    Christian
    :56706
  • 0

    Problem was that I was using < > in the script. After removing these, I was able to make the script work. Thanks for all your help.

    :56712