
Safeguard Windows 1804 Patch - Installation of SafeGuard Client with the patch default options

Hello,

I'm looking to integrate the Windows 1804 patch into my standard install of the SafeGuard client when deploying to new workstations. As of now I use the VBS scripts to deploy, and that has specific options such as specifically installing Challenge/Response vs. standard BitLocker recovery keys, fallback options per OS, fallback for UEFI vs. Legacy boot, and POA config options.

 

The example given on the KB - community.sophos.com/.../131935

msiexec /i C:\Install\SGNClient_x64.msi PATCH=C:\Install\SGN8005Patch1804_x64.msp

 

If I were to deploy this to new computers would this attempt to enable Challenge/Response? Could I add a POA config file to this?

 

Here's an example of a more advanced command I use. I guess my question is, what configuration gets deployed when you don't include options with the SGNClient installation?

msiexec /i SGNClient_x64.msi /qn /passive /L*v PATH POACFG="POACFG_8_00.xml" /norestart

 

Can I attach other options to this command above, especially regarding enabling/disabling Challenge/Response? Thanks

 

 



  • Hello Eric,

    The modules which are installed by a default installation differ depending on the operating system.

    As the Synchronized Encryption module is part of the default in SGN8, it is recommended that you define what you want by using the ADDLOCAL parameter with your command.

    If you want to install the Device Encryption (with POA) module on W7 you can for example add this: 

    ADDLOCAL=Client,CredentialProvider,LocationBasedEncryption

     

    More info about the different installation options is available here:  

    https://docs.sophos.com/esg/sgn/8-0/admin/win/en-us/webhelp/index.htm#concepts/ClientInstallCentralCommand.htm

     

    Hope that helps

    F.

  • This was perfect. Thank you

     

    Here's an example of a command I created based on this info:

     

    msiexec /i SGNClient_x64.msi ADDLOCAL=Client,CredentialProvider,BaseEncryption,BitLockerSupport /qn /L*v SGNClientInstallation.log POACFG=POACFG_8_00.xml PATCH=SGN8005Patch1804_x64.msp REBOOT=ReallySuppress

     

    This command enabled BitLocker on both Windows 7 Enterprise and Windows 10, includes the POA config, applies the latest SafeGuard patch, is silent, outputs a log file, and does not force a restart at the end of the process. You will have to adjust the paths (make sure to include quotes if there's a space in the path) to each of the files, as I stripped those from the command.
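
Added example (not part of the original posts and not Sophos code): a PowerShell wrapper around the command from the reply above that quotes each path, checks that the files exist before starting, and interprets the standard Windows Installer exit codes. The `$SourceDir` and `$LogDir` values are assumptions; the file names and properties are the ones quoted in the thread.

```powershell
# Added example: wraps the msiexec command quoted in the thread.
param(
    [string]$SourceDir = 'C:\Install',  # assumption: folder holding the MSI, MSP and POA config
    [string]$LogDir    = $env:TEMP      # assumption: where the verbose log is written
)

# File names as they appear in the thread; full paths are built here.
$files = @{
    Msi    = Join-Path $SourceDir 'SGNClient_x64.msi'
    Patch  = Join-Path $SourceDir 'SGN8005Patch1804_x64.msp'
    PoaCfg = Join-Path $SourceDir 'POACFG_8_00.xml'
}

# Stop before msiexec runs if an input is missing, rather than
# discovering it later in the verbose log.
foreach ($name in $files.Keys) {
    if (-not (Test-Path -LiteralPath $files[$name] -PathType Leaf)) {
        throw "Missing $name file: $($files[$name])"
    }
}

$log = Join-Path $LogDir 'SGNClientInstallation.log'

# Every path is wrapped in double quotes so a space in the path
# does not split it into two arguments.
$msiArgs = @(
    '/i', ('"{0}"' -f $files.Msi)
    'ADDLOCAL=Client,CredentialProvider,BaseEncryption,BitLockerSupport'
    ('POACFG="{0}"' -f $files.PoaCfg)
    ('PATCH="{0}"' -f $files.Patch)
    'REBOOT=ReallySuppress'
    '/qn'
    '/L*v', ('"{0}"' -f $log)
)

$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# Windows Installer exit codes: 0 = success, 3010 = success but reboot
# required, 1641 = success and a reboot was initiated.
switch ($proc.ExitCode) {
    0       { Write-Output 'Installed; no reboot needed.' }
    3010    { Write-Output 'Installed; reboot required (suppressed by REBOOT=ReallySuppress).' }
    1641    { Write-Output 'Installed; the installer initiated a reboot.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $log" }
}
```

With `REBOOT=ReallySuppress`, an exit code of 3010 means a restart still has to be scheduled by whatever deployment tool runs the script.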
