Import Sophos Connect VPN profile file for all users

Hi

Sorry if I have the wrong forum, I didn't see one for VPN.

I'm currently deploying Sophos Connect 2.2.75 via Intune and noticed that if you put the .pro file in the import folder, it will import the settings only for the user that installs it and then remove the file, which is no use for Intune. I also saw the command line interface, but nothing there seems to address All Users.

I could create a login script or scheduled task to import the file for each user that logs on; however, this will happen at every login and I like to try and avoid things like that. I thought I would check to see if there is an easier method that I'm overlooking.

Any help would be appreciated.

Thanks!



This thread was automatically locked due to age.
  • I deploy Sophos Connect via Intune with a PowerShell script. I download the installer and .pro file. I then run the installer and then use Invoke-Item to invoke the profile import process.

    I also have another block that allows me to deploy new profiles if I ever need to. I just place a checker file in the Sophos Connect path to make sure that if the PowerShell script ever executes again, it doesn't re-import the file.

    If there is a better way, would love to hear it.

    if(!(Test-Path "C:\Program Files (x86)\Sophos\Connect")){
        #URL of SophosConnect.msi
        $url = 
        $dest = 
        Invoke-WebRequest -Uri $url -OutFile $dest
        #URL of .pro config file
        $url2 = 
        $dest2 = 
        Invoke-WebRequest -Uri $url2 -OutFile $dest2
        msiexec.exe /i "c:\SophosConnect.msi" /norestart /qn
        start-sleep -s 15
        Move-Item -Path "c:\Config.pro" -Destination "C:\Program Files (x86)\Sophos\Connect\import\Config.pro"
        Invoke-Item "C:\Program Files (x86)\Sophos\Connect\import\Config.pro"
        Remove-Item "c:\SophosConnect.msi"
        New-Item "C:\Program Files (x86)\Sophos\Connect\CheckerFile.txt"
    }
    #Below is a handy script for updating the Sophos Connect client profile config. You will need to update the .txt checker file as well as the name of the connection you want removed.
    if(!(Test-Path "C:\Program Files (x86)\Sophos\Connect\CheckerFile.txt")){
        $url2 = 
        $dest2 = 
        Invoke-WebRequest -Uri $url2 -OutFile $dest2
        #Quote the connection name so a name containing a space is passed to sccli.exe as one argument
        Start-Process -FilePath "C:\Program Files (x86)\Sophos\Connect\sccli.exe" -ArgumentList 'remove -n "Old Profile"'
        Invoke-Item "C:\Program Files (x86)\Sophos\Connect\import\NewProfile.pro"
        New-Item "C:\Program Files (x86)\Sophos\Connect\CheckerFile.txt"
    }
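
Added example, not part of the reply above and not Sophos's own tooling: the same download-and-install step with each file checked against a pinned SHA-256 (and the MSI's Authenticode status) before msiexec runs it. The URLs and hashes are placeholders to fill in, and the freshly created staging directory is an assumption of this example.

```powershell
# Added example. Values in angle brackets are placeholders, not values from the thread.
$ErrorActionPreference = 'Stop'

$artifacts = @(
    @{ Uri = '<URL of SophosConnect.msi>'; Name = 'SophosConnect.msi'
       Sha256 = '<expected SHA-256 of the MSI>'; Signed = $true },
    @{ Uri = '<URL of .pro config file>'; Name = 'Config.pro'
       Sha256 = '<expected SHA-256 of the .pro file>'; Signed = $false }
)

# Stage into a new, randomly named directory instead of the root of C:\
$stage = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $stage | Out-Null

try {
    foreach ($a in $artifacts) {
        $path = Join-Path $stage $a.Name
        Invoke-WebRequest -Uri $a.Uri -OutFile $path -UseBasicParsing

        # Refuse anything whose content differs from the pinned hash
        $actual = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        if ($actual -ne $a.Sha256) {   # string -ne is case-insensitive
            throw "Hash mismatch for $($a.Name): got $actual"
        }

        # For the installer, also require a signature that chains to a trusted root
        if ($a.Signed) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                throw "Authenticode status for $($a.Name) is $($sig.Status)"
            }
        }
    }

    # Install only after both files passed; -Wait replaces the fixed sleep
    $msi  = Join-Path $stage 'SophosConnect.msi'
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList "/i `"$msi`" /norestart /qn" -Wait -PassThru
    if ($proc.ExitCode -notin 0, 3010) { throw "msiexec exited with $($proc.ExitCode)" }

    # Hand the verified profile to the client's import folder (path from the thread)
    Copy-Item -Path (Join-Path $stage 'Config.pro') -Destination 'C:\Program Files (x86)\Sophos\Connect\import\Config.pro'
}
finally {
    Remove-Item -Path $stage -Recurse -Force
}
```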

  • Hi Jesse

    Thanks for the response. I was thinking of a similar solution, but in the end I just created a scheduled task that runs at each user login and imports the profile using sccli.exe. It's a bit messy and it will run every time a user logs in, but it takes less than a second to process so I'll live with it. I also put it in the import folder so the originally logged-in user gets the config right away, whereas others have to reboot.

    Start-Process -FilePath "msiexec.exe" -ArgumentList "/i ""SophosConnect_2.2.75.msi"" TRANSFORMS=""SophosConnect_2.2.75.mst"" /qn" -Wait -WindowStyle Hidden
    
    Start-Sleep 15
    
    $Path = "C:\Program Files (x86)\Sophos\Connect\Config"
    $Path2 = "C:\Program Files (x86)\Sophos\Connect\import"
    
    $script = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
    
    If(!(test-path -PathType container $Path))
    {
          New-Item -ItemType Directory -Path $Path
    }
    
    $profile = "$Path\Profile.pro"
    
    if (-not(Test-Path -Path $profile -PathType Leaf)) {
         try {
             Copy-Item -Path $script\Profile.pro -Destination $Path -Recurse -Force -ErrorAction Stop
         }
         catch {
             throw $_.Exception.Message
         }
     }
    
    $profile2 = "$Path2\Profile.pro"
    
    if (-not(Test-Path -Path $profile2 -PathType Leaf)) {
         try {
             Copy-Item -Path $script\Profile.pro -Destination $Path2 -Recurse -Force -ErrorAction Stop
         }
         catch {
             throw $_.Exception.Message
         }
     }
    
    
    # Connect to the local Task Scheduler service through its COM interface
    $ShedService = New-Object -comobject 'Schedule.Service'
    $ShedService.Connect()
    
    $Task = $ShedService.NewTask(0)
    $Task.RegistrationInfo.Description = 'Sophos Connect Profile Import'
    $Task.Settings.Enabled = $true
    $Task.Settings.AllowDemandStart = $true
    
    # 9 = TASK_TRIGGER_LOGON: run at every user logon
    $trigger = $task.triggers.Create(9)
    $trigger.Enabled = $true
    
    # 0 = TASK_ACTION_EXEC: run sccli.exe to add the profile from the Config folder
    $action = $Task.Actions.Create(0)
    $action.Path = "C:\Program Files (x86)\Sophos\Connect\sccli.exe"
    $action.Arguments = "add -f ""C:\Program Files (x86)\Sophos\Connect\Config\Profile.pro"" -n ""VPN"""
    
    # 6 = TASK_CREATE_OR_UPDATE, 4 = TASK_LOGON_GROUP: register the task for the 'Users' group
    $taskFolder = $ShedService.GetFolder("\")
    $taskFolder.RegisterTaskDefinition('Sophos Connect Profile Import', $Task , 6, 'Users', $null, 4)
    

  • That will work as well. I try to avoid deploying scheduled tasks. You should take a look at Intune's native ability to deploy PowerShell scripts. It's also nice because any time you update the script, it redeploys to all users.
