This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scripted Install

Hello

I am trying to do a scripted install of the Sophos Endpoint Security and Control Client on a windows XP machine. From what I can see the install comes in two parts; The Sophos Antivirus software and the Sophos Auto Updater software. I can install the Sophos Anti-Virus software using MSIEXEC. But the Auto-Update software requires credentials so that it can update from the web. I can not enter these credentials when installing the software silently.

Can anybody shed any light on this?

Regards

Steve

This thread was automatically locked due to age.

0 Luke over 15 years ago

Hi Steve,
Welcome to the forums. Generally I would recommended calling the executable with the script rather than the individual msi files. The executable has a number of switches you can specify including the username/password for the updating account.
You can generate a full list of available switches by running 'setup.exe -?'.
On a similar vein you may also find the following knowledgebase article of interest as this will allow you to pre-configure the address and account details by creating an installation package:
http://www.sophos.com/support/knowledgebase/article/63182.html
Hope this helps,
Luke
:718
Cancel
Vote Up 0 Vote Down

Cancel
0 stokie_steve over 15 years ago

Luke, Thanks for the quick reply.
When I try to run Setup.exe -?, nothing happens apart from it tries to run the setup.exe as normal. Can you tell me what the switches are?
I will also look into creating an installation package using the Enterprise Console.
Regards
Steve
:719
Cancel
Vote Up 0 Vote Down

Cancel
0 Luke over 15 years ago

Hi Steve,
Apologies, I meant to state this in my original post but obviously got sidetracked with the switches. The switches/scripted installation of Sophos Anti-Virus is not supported with the standalone client. In order to make use of these switches you will need to use the installation downloaded and maintained by your copy of EmLibrary or Sophos Update Manager.
The switches you may find of use are:
-updp <path>      Update address
-user                     Account required for accessing update location
-pwd                     Password
If you try the '/?' switch against the setup.exe in the central installation directory then this should display the full list for you.
Best regards,
Luke
:730
Cancel
Vote Up 0 Vote Down

Cancel

0 faygate over 14 years ago

If it's useful below is a VBScript that we are using to install Sophos. Edit and use at your own risk! :smileywink: To obfuscate the username and password use the ObfuscateUtil with the -w argrument and if using a [Active Directory] domain account for access specify the username as username@domain.com and NOT domain.com\username since the ObfuscateUtil tool doesn't like the backslash (\) and screws it up!

Option Explicit
Dim oShell, oFSO
Dim sProgramFiles, sRemoteDistribution, sLocalAutoUpdatePath, sRemoteAutoUpdatePath, sLocalVersion, sRemoteVersion, sInstallArgs, sSetupPath
Dim bCheckVersion, bInstall

' ==========================================================================
' Retrieve location of Program Files directory
' ==========================================================================
Set oShell = CreateObject("WScript.Shell")
sProgramFiles = oShell.ExpandEnvironmentStrings("%ProgramFiles%")

' ==========================================================================
' Set paths
' ==========================================================================
'   sRemoteDistribution   = Path to Sophos CID for Windows Installation
'   sLocalAutoUpdatePath  = Path and filename to check for install
'   sRemoteAutoUpdatePath = Path and filename to compare installed version
'   sSetupPath            = Path and filename for installation
' ==========================================================================
sRemoteDistribution = "\\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP"
sLocalAutoUpdatePath = sProgramFiles  + "\Sophos\AutoUpdate\ALsvc.exe"
sRemoteAutoUpdatePath = sRemoteDistribution + "\sau\program files\Sophos\AutoUpdate\ALsvc.exe"
sSetupPath = sRemoteDistribution + "\setup.exe"

' ==========================================================================
' Set arguments for installation setup
' ==========================================================================
'   sInstallArgs          = List of arguments:
'                            -ni          Non-interactive setup
'                            -mng yes     Managed computer
'                            -updp        Location of update packages
'                            -ouser       Obfuscated username
'                            -opwd        Obfuscated password
' ==========================================================================
sInstallArgs = "-ni -mng yes -updp """ + sRemoteDistribution + """ -ouser <obfuscatedusername> -opwd <obfuscatedpassword>"

' ==========================================================================
' Is Sophos AutoUpdate Service already installed?
' ==========================================================================
Set oFSO = CreateObject("Scripting.FileSystemObject")

If oFSO.FileExists(sLocalAutoUpdatePath) Then
    ' Already Installed
    bCheckVersion = True
Else
    ' Install
    bCheckVersion = False
End If

' ==========================================================================
' Is Sophos AutoUpdate Service the same version as the distribution?
' ==========================================================================
If bCheckVersion = True Then
    ' Check to see if remote version is available
    If oFSO.FileExists(sRemoteAutoUpdatePath) Then
        ' Check Version
        sLocalVersion = oFSO.GetFileVersion(sLocalAutoUpdatePath)
        sRemoteVersion = oFSO.GetFileVersion(sRemoteAutoUpdatePath)
        If sLocalVersion <> sRemoteVersion Then
            ' The versions don't match
            bInstall = True
        Else
            ' The versions are the same
            bInstall = False
        End If
    Else
        ' Remote version not available
        bInstall = False
    End If
Else
    ' No version installed
    bInstall = True
End If

' ==========================================================================
' Do we need to do the install?
' ==========================================================================
If bInstall = True Then
    ' Check to see if installation is available
    If oFSO.FileExists(sSetupPath) Then
        ' Install the latest version of Sophos Anti-Virus
        oShell.Run """" + sSetupPath + """" + " " + sInstallArgs, 0, true
    Else
        'Do Nothing
    End If
Else
    ' Do Nothing
End If

' ==========================================================================
' Dispose of objects
' ==========================================================================
On Error Resume Next
oShell = Nothing
oFSO = Nothing
sProgramFiles = Nothing
sRemoteDistribution = Nothing
sLocalAutoUpdatePath = Nothing
sRemoteAutoUpdatePath = Nothing
sLocalVersion = Nothing
sRemoteVersion = Nothing
sInstallArgs = Nothing
sSetupPath = Nothing
bCheckVersion = Nothing
bInstall = Nothing

0 blardyblar over 14 years ago

Faygate.....Thanks for the little gem of a tip about obfuscating an AD user account. I have been scatching my head all morning trying to figure out why my service account keeps getting locked out! Thanks again!!!
For reference and for google to hopefully reference it. When using the obfuscate tool with an AD user account, specify username@domain rather than domain\username.
:5868
Cancel
Vote Up 0 Vote Down

Cancel
0 jak over 14 years ago

The other option is to deploy to a machine from SEC and monitor the scheduled task that is created on the client. Once created check the properties this will give you the full command with the obfuscated username and password.

There are a few other switches you may also wish to use and can be found here:

http://www.sophos.com/support/knowledgebase/article/12570.html

Jak
:5889
Cancel
Vote Up 0 Vote Down

Cancel