The command-line utility ExportConfig.exe enables you to retrieve policies from the Console and save them as XML configuration files. These XML configuration files can be used to centrally configure unmanaged computers, or to implement features not available from the console.
This article explains how to use the utility to extract/export the existing console policies and then advises what you must do to re-apply the exported policies to a distribution point (CID) so the endpoint computers can implement the new configuration.
Note: The user account you run the ExportConfig.exe utility as must be a member of the Sophos Console Administrators Windows security group. Check that you are a member of this group before attempting the instructions below.
Known to apply to the following Sophos product(s) and version(s) Enterprise Console 4.5.0Enterprise Console 4.7.0Sophos Enterprise Manager 4.7.0ExportConfigEnterprise Console 5.0.0
Note: On a 64-bit system change 'Programs Files' folder to 'Program Files (x86)'.
To show the usage options type: exportconfig.exe
The usage options shown are:
Usage: Command line: ExportConfig.exe -type <AU, SAV, SCF, SAC, DATC, DEVC, TP or LEGAU> [-policy <policy>] [-output <filePath>] [-backwardsCompatable] Where policy is the name of the policy or not specified for Default. -backwardsCompatable : Use a format backwards compatable with SAV 5
The table below lists each policy type and its short name which can be used after the -type parameter.
1Can only be exported this way in Enterprise Console 4 and later, or in Enterprise Manager. 2Not available in Enterprise Manager. 3Only available in endpoint software 9 or later and Enterprise Console 4.5 or later or Enterprise Manager. 4It is not possible to export these policy types.
The naming of the output file is important. The table below shows what each policy's output file must be called.
Note: The output file names are case sensitive.
The table below show some examples of common usage.
exportconfig.exe -type au -output C:\sauconf.xml
exportconfig.exe -type sav -output C:\savconf.xml
exportconfig.exe -type sav -policy "my av policy" -output C:\savconf.xml
exportconfig.exe -type datc -policy HRDataControlPolicy -output C:\savconfdatac.xml
If the policy is successfully exported you will seen the following shown on screen: Policy successfully exported.
Policy successfully exported.
Policy named "Default" does not exist in database.
Policy named "mypolicy" does not exist in database.
Error: Invalid command line at:
Error: Type must be AU, SAV, SCF, SAV, DEVC, DATC or LEGAU.
In order for an endpoint computer to copy down and implement the configuration in the exported policy you must:
You must copy the output configuration file to the correct sub-folder in the distribution point. Use the table below to see which policy file needs to be copy to which folder.
Note: The main (parent) folder of the sub-folders is: \\SERVER\SophosUpdate\CIDs\[serial number]\
The special utility called ConfigCID.exe has been made available so that a distribution point (or CID - Central Installation Directory) can be programmed to recognize new configuration files. For more information in using ConfigCID.exe see article 13112.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.