This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deploying via GPO software installation

Hello,
I am looking at automating the Safeguard install for our institution through Group Policy using a software installation GPO. But I cannot pass the MSIEXEC commands this way - a transform / MST file must be created. How do I translate the MSIEXEC commands into the parameters I need to change in the MST?



This thread was automatically locked due to age.
Parents
  • I'm not super familiar with Safeguard but one way is to use Orca to create a MST.  A quick Google for MSI ORCA Transform has thrown up this:

    http://tonyle.ca/blog/?p=33

    There are plenty of pages detailing this approach:

    http://www.geekshangout.com/customising-an-msi-install-using-orca/

    I hope it's of use.

    Regards,

    Jak

  • Thank you Jak, I did grab Orca earlier today, but I am having trouble finding the right parameters to modify to mimic the MSIEXEC command below,

     

    msiexec /i [install location]\SGNClient_x64.msi /qn /log C:\Temp\SGNClient.log ADDLOCAL=Client,CredentialProvider,BaseEncryption,SectorBasedEncryption Installdir=C:\Program Files\Sophos\SafeGuard Enterprise

     

    I managed to find instances of ADDLOCAL but I don't know if it's the right spot to modify. Has anyone here done this with Orca?

  • It looks like you need to set two Properties:

    ADDLOCAL

    Installdir

    You should find these in the Property Table, if not you can add them.

    Once you have generated the MST and applied it to the MSI, for a test install, you can check the MSI log file (in the example above: C:\Temp\SGNClient.log) to see that the Properties have been set.

    Regards,

    Jak

  • Thanks for that, but I think I am going to try another method. Apparently, according to Sophos support, using Group Policy is not supported. Even though right in the Administrator guide it mentions centrally deploying through GPO. But, the recommended method is manual....I am not sure how organizations with hundreds of PCs deploy this product but they sure aren't doing it manually.

  • Hi Sandra - We've created an EXE that ...

     

    Changes PC Name

    Disables local accounts

    Reboots

    Binds to AD (with encrypted embedded creds)

    Reboots

    Installs Inventory software

    Installs Sophos SafeGuard (with MSI switches)

    Reboots

     

    It's a bit long winded and can cause some issues as there's a lot of varied hardware but generally it works well. There's just a few questions for the technician to do and then it's all automated. If our laptops were AD already (they're workgrouped in different groups) and don't have a image/software build on them either) we would go down the AD/GPO route but this was our best solution given our environment challenges!

Reply
  • Hi Sandra - We've created an EXE that ...

     

    Changes PC Name

    Disables local accounts

    Reboots

    Binds to AD (with encrypted embedded creds)

    Reboots

    Installs Inventory software

    Installs Sophos SafeGuard (with MSI switches)

    Reboots

     

    It's a bit long winded and can cause some issues as there's a lot of varied hardware but generally it works well. There's just a few questions for the technician to do and then it's all automated. If our laptops were AD already (they're workgrouped in different groups) and don't have a image/software build on them either) we would go down the AD/GPO route but this was our best solution given our environment challenges!

Children
No Data