Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 36 replies
  • Subscribers 1 subscriber
  • Views 105122 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mac OS - pre-configuring Autoupdate

QC

We have quite a number of Macs (not surprising at a university) but no official Mac support. Nevertheless we offer Sophos for Macs (in a downloadable .zip archive).  

When Sophos is installed on a Mac on our network it connects to the management server from where it gets the update policy (the CIDs contain the correct mrinit.conf for RMS to work). Of course this does not work if the Mac is used at home. For windows PCs putting sauconf.xml placed in the appropriate directory does the trick. There are some articles in the knowledgebase but usually a Mac is required with which you can configure the CID (if I understand correctly). I believe no magic is actually involved and the configuration is stored somewhere in a .plist file (XML format). I suspect that the catalogues are involved and configcid.exe does not support a CID for OSX.

Or is there a "simple" way to pre-configure autoupdate (even if it's unsupported)? sau.plist looks suspicous  :smileywink:

Christian

:518


This thread was automatically locked due to age.
Parents
  • 0

    bobcook wrote:

    jelockwood wrote:

    After automatically installing SAV 9.2.2 as part of my DeployStudio / Munki build process I am finding that when I first login to a freshly minted Yosemite Mac I get a dialog box appearing from Keychain Migrator asking for the password for the Sophos keychain. I of course have no idea what that password would be as it is used and created by Sophos. I therefore have to click cancel and then the login proceeds and completes normally. Sophos seems to run ok after this and the message does not seem to reoccur on subsequent logins.

    Anyone else seeing this?

    I'm keen to hear more about this, its weird and unexpected. Definitely never seen it myself nor have we had it happen in our testing, but I can't say we would necessarily have the same endpoint configuration as you'd be running. Anything non-standard in your deployments that we should be trying?

    -------------------------------

    The main if not only difference is that I am installing Sophos without actually being logged in as a user. If you use Sophos Installer.app by itself this is a GUI installer and has to be run from inside an active login, if you use the Sophos Cloud installer the same applies. As a reminder I have 'wrapped' the Sophos Installer.app inside an Apple installer package.

    As I don't have a Windows Server I cannot test using the installer package created and maintained by Sophos Enterprise Console but that (last time I saw it) was an Apple installer package and one could test deploying it to a new Mac via ARD or similar to replicate a similar situation to mine. I am using Munki to auto deploy and install my Sophos (Apple) installer package, this takes place while at the login screen with no user actually logged in. ARD, Munki, Casper, and others that support Apple installer packages can all do installs without a user needing to be logged in.

    I only see this in Yosemite, it does not happen in Mavericks.

    On a slightly different topic, is there a commandline tool in Sophos SAV9 that can force a check for updates? It would be nice to immediately follow an install with a check for updates so as to ensure it immediately is up-to-date rather than having to wait 60 minutes for this to happen automatically.

    :54293
Reply
  • 0

    bobcook wrote:

    jelockwood wrote:

    After automatically installing SAV 9.2.2 as part of my DeployStudio / Munki build process I am finding that when I first login to a freshly minted Yosemite Mac I get a dialog box appearing from Keychain Migrator asking for the password for the Sophos keychain. I of course have no idea what that password would be as it is used and created by Sophos. I therefore have to click cancel and then the login proceeds and completes normally. Sophos seems to run ok after this and the message does not seem to reoccur on subsequent logins.

    Anyone else seeing this?

    I'm keen to hear more about this, its weird and unexpected. Definitely never seen it myself nor have we had it happen in our testing, but I can't say we would necessarily have the same endpoint configuration as you'd be running. Anything non-standard in your deployments that we should be trying?

    -------------------------------

    The main if not only difference is that I am installing Sophos without actually being logged in as a user. If you use Sophos Installer.app by itself this is a GUI installer and has to be run from inside an active login, if you use the Sophos Cloud installer the same applies. As a reminder I have 'wrapped' the Sophos Installer.app inside an Apple installer package.

    As I don't have a Windows Server I cannot test using the installer package created and maintained by Sophos Enterprise Console but that (last time I saw it) was an Apple installer package and one could test deploying it to a new Mac via ARD or similar to replicate a similar situation to mine. I am using Munki to auto deploy and install my Sophos (Apple) installer package, this takes place while at the login screen with no user actually logged in. ARD, Munki, Casper, and others that support Apple installer packages can all do installs without a user needing to be logged in.

    I only see this in Yosemite, it does not happen in Mavericks.

    On a slightly different topic, is there a commandline tool in Sophos SAV9 that can force a check for updates? It would be nice to immediately follow an install with a check for updates so as to ensure it immediately is up-to-date rather than having to wait 60 minutes for this to happen automatically.

    :54293
Children
No Data