We are a Sophos customer and have an emerging need for an msi install solution for Sophos to a highly distributed user population > 200,000 square miles distributed.
Suggestion:
I have not verified this procedure, but its been requested from a portion of our Active Directory admin population. I would appreciate comments and suggestions to help it along.
The following is based on a couple of documents on the web.
There is a document on ehow.com labeled "How to create an msi package from an exe". There is a document on Sophos.com labeled "KB 1256" Incorporating Sophos in a disk image
Combining the information from both:
1. pick a network accessible capture machine, insert the windows server cd, navigate to and install
Valueadd\3rdparty\Mgmt\Winstle\Swiadmle.msi
3. pick another network accessible machine that represents the msi package target machine
4. from the target, use network file sharing to access and run
Winstall\Discoz.exe
5. from the target install Sophos (from the Central Install Directory; or; from a custom standalone Setup.exe) and reboot
6. from the target, stop the following services
sophos messaging router
sophos agent
sophos autoupdate service
7. from the target, remove the pkc and pkp entries from the following registry keys;
[HKEY_LOCAL_MACHINE\Software\Sophos\Messaging System\Router\Private]
[HKEY_LOCAL_MACHINE\Software\Sophos\Remote Management System\ManagementAgent\Private]
[HKEY_LOCAL_MACHINE\Software\Sophos\ALC Agent\Private]
8. from the target, use network file sharing to access and run
Winstall\Discoz.exe
9. retrieve the msi package and verify by installing in on a third machine
a. the newly installed machine should appear in the in the sophos management console
In theory this is not the cleanest, smallest msi package possible, it may include the setup files found in windows\temp and initial message router logs, it may also be prudent to review and consider KB 28591 which takes another route, by uninstalling antivirus and remote management and allowing the autoupdate system re-install them upon first boot.
There are a lot of potential problems with a static msi installer, such as forgetting to update it. The same msi installer will probably not work for 32 and 64 bit variants. The same msi installer will also probably not work across different versions or flavors of Windows operating systems. And msi installers will most certainly not work on MacOSX or any other operating system.
There are scripted options for installing Sophos in Active Directory in KB 13090
On flipsidereality.com there is a suggested GPO silent install vbs script using the original setup.exe installer.
We have mentioned msi installers during our support engagement with Sophos as a desired feature, and it was almost a deciding factor to adopting Sophos during the initial purchase. Only the ability to run the management console in a non-Active Directory environment.. made a difference. Ironically that is transitioning from an overriding feature to a less important one since we are adopting Active Directory and the issue of an msi installer is beginning to change the situation.
If this thread stays open, I'll publish our findings.
Thanks
This thread was automatically locked due to age.
