Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 36 replies
  • Subscribers 1 subscriber
  • Views 105105 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mac OS - pre-configuring Autoupdate

QC

We have quite a number of Macs (not surprising at a university) but no official Mac support. Nevertheless we offer Sophos for Macs (in a downloadable .zip archive).  

When Sophos is installed on a Mac on our network it connects to the management server from where it gets the update policy (the CIDs contain the correct mrinit.conf for RMS to work). Of course this does not work if the Mac is used at home. For windows PCs putting sauconf.xml placed in the appropriate directory does the trick. There are some articles in the knowledgebase but usually a Mac is required with which you can configure the CID (if I understand correctly). I believe no magic is actually involved and the configuration is stored somewhere in a .plist file (XML format). I suspect that the catalogues are involved and configcid.exe does not support a CID for OSX.

Or is there a "simple" way to pre-configure autoupdate (even if it's unsupported)? sau.plist looks suspicous  :smileywink:

Christian

:518


This thread was automatically locked due to age.
Parents
  • 0

    Hello Christian,

    Thanks for the thoughtful explanation. It would be great to hear back from Tim to confirm, but your description makes sense. This seems like a really weird deployment model, but hey if it works for people then we should figure out how to make it work better.

    Two long-term recommendations: (1) move to Sophos Cloud, where there isn't such a thing as local users vs. remote users; or (2) poke holes in the firewall to let RMS chatter away as if it was inside the network. RMS wasn't really designed to work like this (despite the name!) so option (2) might not be an awesome solution.

    I'll look into adding update pre-configuration for the on-premise package, we might be able to slip it into the 9.2 stream. If we did this, is it necessary to host this file in an existing CID? Or is it suitable to expect an admin to copy the installer app, insert the pre-configuration data, then distribute this modified installer app? The answer to this is very important as it affects the approach.

    BTW its probably worth mentioning that as of 9.2 we are eliminating the MPKG installer and moving to an app, like the existing standalone installer. We are being forced into a severe restructuring of the installer package due to changes by Apple coming very soon to both Mavericks and Yosemite. This change will only start in 9.2 and it will remain in Preview for a while. Various communications about this change are ramping up and its possible you have already heard about it.

    :53087
Reply
  • 0

    Hello Christian,

    Thanks for the thoughtful explanation. It would be great to hear back from Tim to confirm, but your description makes sense. This seems like a really weird deployment model, but hey if it works for people then we should figure out how to make it work better.

    Two long-term recommendations: (1) move to Sophos Cloud, where there isn't such a thing as local users vs. remote users; or (2) poke holes in the firewall to let RMS chatter away as if it was inside the network. RMS wasn't really designed to work like this (despite the name!) so option (2) might not be an awesome solution.

    I'll look into adding update pre-configuration for the on-premise package, we might be able to slip it into the 9.2 stream. If we did this, is it necessary to host this file in an existing CID? Or is it suitable to expect an admin to copy the installer app, insert the pre-configuration data, then distribute this modified installer app? The answer to this is very important as it affects the approach.

    BTW its probably worth mentioning that as of 9.2 we are eliminating the MPKG installer and moving to an app, like the existing standalone installer. We are being forced into a severe restructuring of the installer package due to changes by Apple coming very soon to both Mavericks and Yosemite. This change will only start in 9.2 and it will remain in Preview for a while. Various communications about this change are ramping up and its possible you have already heard about it.

    :53087
Children
No Data