Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 36 replies
  • Subscribers 1 subscriber
  • Views 105105 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mac OS - pre-configuring Autoupdate

QC

We have quite a number of Macs (not surprising at a university) but no official Mac support. Nevertheless we offer Sophos for Macs (in a downloadable .zip archive).  

When Sophos is installed on a Mac on our network it connects to the management server from where it gets the update policy (the CIDs contain the correct mrinit.conf for RMS to work). Of course this does not work if the Mac is used at home. For windows PCs putting sauconf.xml placed in the appropriate directory does the trick. There are some articles in the knowledgebase but usually a Mac is required with which you can configure the CID (if I understand correctly). I believe no magic is actually involved and the configuration is stored somewhere in a .plist file (XML format). I suspect that the catalogues are involved and configcid.exe does not support a CID for OSX.

Or is there a "simple" way to pre-configure autoupdate (even if it's unsupported)? sau.plist looks suspicous  :smileywink:

Christian

:518


This thread was automatically locked due to age.
Parents
  • 0

    Hello Bob,

    seems like a really weird deployment model

    Bob, on this side there is bitter reality - we might tell our management we're in a sister ship of USS Enterprise yet under the covers lurks Apollo XIII :smileylol:. (2) sounds simple but in practice it's often complicated not only for technical/networking reasons. Cloud does not yet offer the same features as Endpoint and not all organizations embrace the idea of moving management off-premise. I can see that you are forced to make changes and not doing it for the fun of it.

    is it suitable to expect an admin to copy the installer app

    Speaking for myself - what we need is a package with the RMS and update configurations preferably with a flexible grouppath - the with Deployment Packager (or better, the Windows product) this is possible. Copy /insert is ok but it should be possible on MacOS X and Windows alike.

    While we're at it - the ability to reinitialize (as long as the management server certificate is the same) RMS without uninstall/reinstall would help with management server migrations. Right now it's possible only on Windows, neither MacOS X nor Linux/*ix. Another weird model is the configuration of policies with a customized CID. This way endpoints which don't/can't connect via RMS (this includes stand-alone installations which update from an on-premise server) can be directed to a new update location.

    Thanks for listening

    Christian

    :53125
Reply
  • 0

    Hello Bob,

    seems like a really weird deployment model

    Bob, on this side there is bitter reality - we might tell our management we're in a sister ship of USS Enterprise yet under the covers lurks Apollo XIII :smileylol:. (2) sounds simple but in practice it's often complicated not only for technical/networking reasons. Cloud does not yet offer the same features as Endpoint and not all organizations embrace the idea of moving management off-premise. I can see that you are forced to make changes and not doing it for the fun of it.

    is it suitable to expect an admin to copy the installer app

    Speaking for myself - what we need is a package with the RMS and update configurations preferably with a flexible grouppath - the with Deployment Packager (or better, the Windows product) this is possible. Copy /insert is ok but it should be possible on MacOS X and Windows alike.

    While we're at it - the ability to reinitialize (as long as the management server certificate is the same) RMS without uninstall/reinstall would help with management server migrations. Right now it's possible only on Windows, neither MacOS X nor Linux/*ix. Another weird model is the configuration of policies with a customized CID. This way endpoints which don't/can't connect via RMS (this includes stand-alone installations which update from an on-premise server) can be directed to a new update location.

    Thanks for listening

    Christian

    :53125
Children
No Data