This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

deploy Endpoint Protection via group policy without enterprise console

Hi,

i want to deploy Endpoint Protection in my network.

I followed the KB 119265, 120611 and 13090.

But in 13090 i need enterprise console wich i have not licensed. also i dont know wat is meant with "The subscription folder number (shown as 'Sxxx' in the script below) should be changed to your associated subscription number." where do i get this subsription number? or is this a enterprise console setting?

I use Sophos central.

is there a tutorial how to deploay via active directory without enterprise console?

thanks



This thread was automatically locked due to age.
  • https://community.sophos.com/kb/en-us/119265 links to https://community.sophos.com/kb/en-us/120611 and this has an example batch file to run SophosInstall.exe -q on machines.  It tests if mcsclient.exe exists as a quick marker to save running it each time.

    @echo off
    SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
    IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
    IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
    exit /b 0

    :X86_PROG
    IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL
    exit /b 0

    :INSTALL
    pushd \\servername\share
    SophosInstall.exe -q
    Popd

    So you create your batch file , e.g sophos,bat and put sophosinstall.exe in a shared location on the network. E.g. 

    \\server\share\sophos.bat
    \\server\share\Sophosinstall.exe

    https://community.sophos.com/kb/en-us/13090 is then provided as an overview on how to run a batch file using a startup script.

    Regards,

    Jak

  • HI Bastian , 

    You may refer the post mentioned by Jak, as for the Sophos Enterprise console is on Premise Client  . You don't need to install Enterprise console , the enterprise console is an option if any client do not want to manage the Sophos Endpoint from Cloud.  Sophos Central is just launched and is not dependent on Enterprise console as they are hosted on Cloud and Enterprise console is on-premise  . 

    IF the client is using an existing Enterprise console (Earlier management console ) then Cloud Migration tool is required to migrate to Cloud-based i.e. Sophos Central.

    Hope this info would clarify your Query 

    Thanks and regards 

    Aditya Patel  | Network and security engineer.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • hi, thanks for your answer and information about enterprise console. i did all what jak said but i stuck at KB 13090 at the point "The subscription folder number (shown as 'Sxxx' in the script below) should be changed to your associated subscription number." i dont know whre i can find my subsription number.

    also i dont get any  information where the path \\SERVER\SophosUpdate\CIDs\Sxxx\SAVSCFXP\Setup.exe  points to.

  • Thanks Jak.  I have the script working, but I can't get it to deploy through AD.  I have a Sophos OU with AD security groups in it as described here:

    http://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/

    I have a Sophos Deployment GPO setup with Security filtering set to the Sophos security group.

    When I do gpupdate /force on the end user's computer that I'm testing, the policy isn't deployed.  I've rebooted the end user's computer a few times as I keep testing, but I can't seem to get the policy to deploy.  Up until now, all my GPO have been applied to computer groups.  Since I sync Sophos using AD Sync using security groups, I want Sophos to be deployed using these same security groups (for ease of deployment/management).

    Any thoughts on what I'm missing?

    Thanks,

    Jon

     

  • Jon, did you ever find a solution?

  • Nope.  I wish I had something to help you, but we couldn't get this to work in our environment.  Hopefully you have better luck.