Sophos Anti-Virus for Windows: using SMS to deploy Sophos Anti-Virus, current versions
This article is intended for use by network administrators who already use Microsoft Systems Management Server (SMS) to manage, deploy, and update network components, and who now want to use SMS to deploy and manage current versions of Sophos
More information about SMS is available from the Microsoft SMS web pages.
The following procedures assume that the user is already familiar with the functionality, components and terminology of SMS 2.0.
What to do
Deploying Sophos Anti-Virus
- Creating a new package and program
Open the SMS Distribute Software Wizard and Create a new package and program for a collection of computer systems. Give the package an appropriate name, for example, "SophosAnti-Virus for XP". - Defining a source directory
In 'Source Files' select 'Obtain files from a source directory'. In 'Source directory:' select 'Network path (UNC name)'. Enter the location of the Sophos Central Installation Directory (CID) files. Typically this could be any of the following defaults:
If you want groups of computers to update from different locations, these groups and locations can be specified after deployment. This is described more fully below. Click 'Next'.\\servername\InterChk\ESXP - for Windows 2000/XP/2003
\\servername\InterChk\ESNT - for Windows NT4
\\servername\InterChk\ES9X - for Windows 95/98/Me - Selecting distribution points
Select appropriate distribution points for the package. Click 'Next' to display the Program Identification dialog box, check that the 'Name' field displays the program name that you defined in step 1 above. - Using the Command line
You will use the Command line to define two areas:- Where computers obtain updates. One of the following will apply:
- You have groups of computers, and you need to define an update location for each group. You can define these locations either before or after deployment.
- You want all computers to update from a single location. You can specify this location before deployment, by entering the primary server address in the command line
- The information required to identify the new program. This must include:
- the setup.exe file from the source file specified above
- the user name and password required to access the server from which you will get updates.
- Where computers obtain updates. One of the following will apply:
- Entering the Command line
Enter a command into the Command line field. According to whether you want to specify the primary server address before or after deployment of SophosAnti-Virus to the computers, your text should resemble one of the following examples:- if you intend to specify the primary server address AFTER deployment:
setup.exe -user <username> -pwd *****
Where <username> is an account with read-access to the CID.
When you enter a command in this format, after SophosAnti-Virus is deployed to the computers, the primary server address in the AutoUpdate Configuration on the client computers defaults to the UNC path of the shared SMS package folder on the SMS server, for example \\[SMSservername]\SMSPKGC$\ 12300001\ .
The client computers will appear in the 'Unassigned' folder of the Enterprise Console as managed and connected. However, as the primary server location is not pointing to a managed CID, the computers will not get Sophos updates. You must specify this later. - if you intend to specify the primary server address BEFORE deployment:
setup.exe -user <username> -pwd ***** -mng yes -updp \\servername\InterChk\ESXPWhere <username> is an account with read-access to the CID.
When you enter a command in this format, the client computers will appear in the 'Unassigned' folder of the Enterprise Console, as managed and connected, and will get Sophos updates. Click 'Next'.
- if you intend to specify the primary server address AFTER deployment:
- Running the program
In 'Program properties', choose to run the program, and select 'Whether or not a user is logged on' from the dropdown options.
Note: After running the program on Windows 95/98/Me platforms, the computer may require rebooting. - Advertising the program
Advertise the program. Select appropriate advertisement targets. - Assigning the program
Assign the program. Choose the option that makes installation mandatory on the computers. - Completing the software distribution
Click 'Next', then 'Finish' to complete and exit the software distribution wizard. If necessary, you can now adjust the properties of the advertisement appropriately, such as making assignments mandatory over slow links.
Managing client computers after deployment
For computers to receive Sophos
- If you did not specify the required primary server address in the command line of the SMS package, following deployment, the computers appear as connected and managed in the 'Unassigned' folder of Enterprise Console. However, they will not receive Sophos updates, because the primary server on the computers is not pointing to a managed CID location.
In Enterprise Console, you can move them to a configured group and make them comply with the group updating policy. This forces the AutoUpdate primary server address on the computers to point to the correct CID. - If you specified the correct primary server address in the command line of the SMS package, following deployment, the client computers will appear as connected and managed in the 'Unassigned folder' of the Enterprise Console, and will get Sophos updates. You can move these computers to other groups on the console if required.
If you need more information or guidance, then please contact technical support.
- Article ID: 12457
- Created: 24 Jan 2005
- Last updated: 22 Oct 2008
