Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 4476 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Command line install receives no firewall rules

Nate Hillers

Hello,

I'm attempting a Windows 10 install from the command line:


\\SOPHOSSERVER\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe -mng yes -scf -user "DOMAIN\SOPHOSUSER" -pwd MYPASSWORD -s -ni

and while it download and installs fine, it doesn't pick up any of firewall rules. I'm left with a completely blocked firewall.

In order to have it how it 'should' be, I need to go into my server then push out everything to the end workstation again. It will then re-push out the software and re-install, this time with a firewall rule set that is what I want.

 

Did I miss something in my command line?

 

Thanks!



This thread was automatically locked due to age.
  • +1

    Hello Nate Hillers,

    the endpoint was not yet in the console when you ran setup.exe? If so, it's in the Unassigned group and doesn't have a policy assigned. It should then talk to the management server but the firewall (and the other policies except updating) will still be the default. To push out (I assume you mean Protect Computers) you have to put it into a specific group first - in this case it would request the policy from the management server.
    If this was your workflow this would explain what you observed. To have the firewall configured to your needs after a command line install all you have to do is to specify the grouppath parameter -G "\<nameofserver>\<Groupname>". The endpoint would then be moved to the desired group when it registers and receive the associated policy.

    Christian

  • 0 in reply to QC

    Indeed you are correct Christian.

     

    What I was missing was adding it to a group. Having it placed in Unassigned meant it didn't have a Firewall policy so it had 0 rules.

     

    Since we have many groups (and therefor many policies) in our department, what I did was create a new group called 'Staging' then apply a more-or-less department-default firewall policy to that group. I then changed my my script to add all new computers to that 'Staging' group and all was well!

     

    Thanks for your help!

     

    Nate

Unfiltered HTML