This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deploying SVE agent after redeploy of security VM with secured public share

Hi,

 

Due to a really annoying limitation of the security VM, where I couldn't change a basic network settings without redeploying the VM (and therefore all of our previously deployed guest VM agents), I have had to deploy a new security VM using the latest deployment tool.

 

After completing deployment, I find the new VM has a password on the public share, which has broken our existing agent deployment method, of a startup script.

 

Can someone tell me how we are now supposed to deploy the agent, as group policy does not account for providing credentials for a share, when running a program from a share.

Support aren't really providing much in the way of answers, leaving our environment completely unprotected.

 

Thanks.

James



This thread was automatically locked due to age.
Parents
  • Hi  

    Could you please confirm few things here: 

    How are you trying to deploy the agents? In case you are trying to re-deploy the agents via remote tools, then please check "Deploy software via remote deployment tools" in the article. Also, I would request you to PM me the case number you have registered with Support so that I can take a look. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Hi  

    To add to the above query, installing the Guest Agent regularly via group policy is not part of the intended design. Once the guest agent is installed once it should update itself. You can take a copy of the guest agent and put it at the location with a non-password protected share. Install once using Group Policy from there and then let the GVMs update by themselves from that point onwards. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Hi Shweta,

     

    Historically, we simply have a GPO that ran a startup script, running the installer directly from the public share of the SVM.

    We want to continue in this fashion as it has been working without issue, but as the public share is now password protected, it does not work.

     

    Support have advised me that it is best practice to install directly from the public share, as the installer gets updated with the SVM, which makes perfect sense and is what I want to do.

    It looks like now though, if this is what we want to do and via GPO, we have to have a far more involved script that uses mapped drives to work around the credential issue.

     

    What we want to do, is tell the GPO to simply run the following script:

    \\FLX-CL-FS01\System\Installation Packages\Sophos\SVE-Guest-Installer.exe SVMIPAddress=10.0.0.30 /install /passive

     

    Why has the new version of the SVM deployment tool, secured the public share with a password? Surely that means it is no longer "public"?

     

    Many thanks.

    James

Reply
  • Hi Shweta,

     

    Historically, we simply have a GPO that ran a startup script, running the installer directly from the public share of the SVM.

    We want to continue in this fashion as it has been working without issue, but as the public share is now password protected, it does not work.

     

    Support have advised me that it is best practice to install directly from the public share, as the installer gets updated with the SVM, which makes perfect sense and is what I want to do.

    It looks like now though, if this is what we want to do and via GPO, we have to have a far more involved script that uses mapped drives to work around the credential issue.

     

    What we want to do, is tell the GPO to simply run the following script:

    \\FLX-CL-FS01\System\Installation Packages\Sophos\SVE-Guest-Installer.exe SVMIPAddress=10.0.0.30 /install /passive

     

    Why has the new version of the SVM deployment tool, secured the public share with a password? Surely that means it is no longer "public"?

     

    Many thanks.

    James

Children