Sophos Deployment Packager user guide. Product version: 1.2



Similar documents
Sophos Endpoint Security and Control How to deploy through Citrix Receiver 2.0

Sophos Endpoint Security and Control Managed Service Provider guide for single server. Product version: 10

Sophos Endpoint Security and Control Managed Service Provider guide for a distributed system. Product version: 10

Sophos Endpoint Security and Control Managed Service Provider guide for a single server. Product version: 10

Sophos Anti-Virus for NetApp Storage Systems startup guide

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Sophos SafeGuard Native Device Encryption for Mac quick startup guide. Product version: 7

Sophos Endpoint Security and Control standalone startup guide

Sophos Enterprise Console server to server migration guide. Product version: 5.2

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

Sophos Anti-Virus for Mac OS X network startup guide

Sophos Disk Encryption License migration guide. Product version: 5.61 Document date: June 2012

Sophos Cloud Migration Tool Help. Product version: 1.0

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

SafeGuard Easy upgrade guide. Product version: 7

Sophos SafeGuard File Encryption for Mac Quick startup guide. Product version: 6.1

Sophos Endpoint Security and Control on-premise installation best practice guide. Endpoint Security and Control 10 Enterprise Console 5

Sophos for Microsoft SharePoint startup guide

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

SafeGuard Enterprise upgrade guide. Product version: 6.1

SafeGuard Enterprise upgrade guide. Product version: 7

Sophos SafeGuard Native Device Encryption for Mac Administrator help. Product version: 7

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

Sophos Reporting Log Writer user guide

4cast Client Specification and Installation

Sophos Computer Security Scan startup guide

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

SafeGuard Enterprise Web Helpdesk

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

Endpoint web control overview guide. Sophos Web Appliance Sophos Enterprise Console Sophos Endpoint Security and Control

Sophos Anti-Virus for Mac OS X network startup guide. For networked Macs running Mac OS X


Pearl Echo Installation Checklist

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Sophos SafeGuard Disk Encryption, Sophos SafeGuard Easy Demo guide

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

Citrix EdgeSight for Load Testing Installation Guide. Citrix EdgeSight for Load Testing 3.8

HYPERION SYSTEM 9 N-TIER INSTALLATION GUIDE MASTER DATA MANAGEMENT RELEASE 9.2

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

Sophos Reporting Interface user guide. Product version: 5.2

Virtual Web Appliance Setup Guide

4cast Server Specification and Installation

TIBCO Fulfillment Provisioning Session Layer for FTP Installation

Metalogix Replicator. Quick Start Guide. Publication Date: May 14, 2015

Important. Please read this User s Manual carefully to familiarize yourself with safe and effective usage.

Sophos Enterprise Console Auditing user guide. Product version: 5.2

IBM Security QRadar Version (MR1) WinCollect User Guide

Sophos Endpoint Security and Control Windows Embedded test guide. Product version: 10

How To Set Up Safetica Insight 9 (Safetica) For A Safetrica Management Service (Sms) For An Ipad Or Ipad (Smb) (Sbc) (For A Safetaica) (

SafeGuard Easy startup guide. Product version: 7

Sophos Mobile Control User guide for Windows Mobile

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

Kaseya Server Instal ation User Guide June 6, 2008

Installing and Configuring vcenter Multi-Hypervisor Manager

Installation Instructions Release Version 15.0 January 30 th, 2011

Remote Filtering Software

NSi Mobile Installation Guide. Version 6.2

Virtual Managment Appliance Setup Guide

Citrix EdgeSight for Load Testing Installation Guide. Citrix EdgeSight for Load Testing 3.5

Sophos for Microsoft SharePoint Help. Product version: 2.0

Installation Guide for Pulse on Windows Server 2012

Sophos SafeGuard Disk Encryption for Mac Startup guide

Sophos Anti-Virus for Linux user manual

Sophos Mobile Control Technical guide

Quick Start - Generic NAS File Archiver

Sharpdesk V3.5. Push Installation Guide for system administrator Version

How To Encrypt A Computer With A Password Protected Encryption Software On A Microsoft Gbk (Windows) On A Pc Or Macintosh (Windows Xp) On An Uniden (Windows 7) On Pc Or Ipa (Windows 8) On


Symantec AntiVirus Corporate Edition Patch Update

SafeGuard PrivateCrypto 2.40 help

WhatsUp Gold v16.2 Installation and Configuration Guide

NTP Software File Auditor for Windows Edition

LifeSize Control Installation Guide

Core Protection for Virtual Machines 1

Novell Open Workgroup Suite

Acronis Backup & Recovery 10 Server for Windows. Installation Guide

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Sophos SafeGuard Disk Encryption for Mac and the Casper Suite

Receiver Updater for Windows 4.0 and 3.x

RSA Authentication Manager 7.1 Basic Exercises

Project management integrated into Outlook

Citrix EdgeSight Installation Guide. Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for XenApp 5.3

Education Software Installer 2011

Server Installation Guide ZENworks Patch Management 6.4 SP2

Version 5.0. SurfControl Web Filter for Citrix Installation Guide for Service Pack 2

Installation Guide for Pulse on Windows Server 2008R2

Archive Add-in Administrator Guide

Online Backup Client User Manual Linux

Introduction to Mobile Access Gateway Installation

User Document. Adobe Acrobat 7.0 for Microsoft Windows Group Policy Objects and Active Directory

Acronis SharePoint Explorer. User Guide

AVG 8.5 Anti-Virus Network Edition

IN STA LLIN G A VA LA N C HE REMOTE C O N TROL 4. 1

Snow Active Directory Discovery

Single Sign-On Guide for Blackbaud NetCommunity and The Patron Edge Online

Docufide Client Installation Guide for Windows

Sophos for Microsoft SharePoint Help

NetIQ Sentinel Quick Start Guide

Sophos Mobile Control User guide for Android

Transcription:

Sophos Deployment Packager user guide Product version: 1.2 Document date: September 2014

Contents 1 About this guide...3 2 About Deployment Packager...4 2.1 Deployment Packager known issues and limitations...4 3 System requirements...5 4 Create packages using the graphical user interface...6 4.1 Create a protection package using the GUI...7 4.2 Create an encryption package using the GUI...9 5 Create packages using the command line interface...11 5.1 Create a protection package using the CLI...11 5.2 Create an encryption package using the CLI...12 6 Technical support...14 7 Legal notices...15 2

user guide 1 About this guide This guide describes how to use the free Sophos Deployment Packager tool. For information about how Managed Service Providers (MSPs) may use this tool, see the Managed Service Provider guides. It is assumed that you are familiar with Sophos Enterprise Console and Sophos Endpoint Security and Control. Note: Some features will be unavailable if your license does not include them. Encryption is only available if you have a valid license that includes it. MSPs can contact their account manager to inquire about encryption. Sophos documentation is published at www.sophos.com/en-us/support/documentation.aspx. 3

Sophos Deployment Packager 2 About Deployment Packager The Deployment Packager creates a single self-extracting archive file from a set of Sophos endpoint setup files, for installing Endpoint Security and Control and Sophos Disk Encryption on Windows endpoints. The packaged file includes configuration options such as silent/interactive installation, installation package choices and setup parameters, update path/credentials and endpoint group membership. Packages created with the Deployment Packager always attempt to remove other potentially-clashing protection software when installed. For encryption, other potentially-clashing encryption software can be detected, but must be removed manually. It may be necessary for you to produce several packages, each meeting the requirements of different endpoint types. You can run the Deployment Packager tool through either its graphical user interface (GUI) or command-line interface (CLI). The GUI is easier for one-off deployments. The CLI is more versatile for repeated deployments. A string to invoke the command line version with options can be stored in a text file, or regularly run from a scheduled batch file, ensuring that the installation packages are always up-to-date. So, if you are managing large numbers of computers where there is a need for frequent installation on endpoints, then the CLI is preferable. 2.1 Deployment Packager known issues and limitations If you attempt to install Sophos Anti-Virus using a ready-made installer created by Sophos Deployment Packager and the logged on user name contains double-byte characters (for example, Japanese, Chinese), the installation does not continue. When the installer is run, the setup files are extracted to the %temp%/cid_packager_temp directory, but the installation does not continue. No errors are displayed or logged in the event logs. Workaround: Log on as a user with no double-byte characters in the user name. A "packaging failed" error message may be displayed when you try to create a package using command-line with an obfuscated password, -opwd command. If the error is displayed, ensure the obfuscated password is correct. If it is accurate and continues to display the error, enter a plain text password using the -pwd command or use the Deployment Packager user interface. 4

user guide 3 System requirements The minimum requirements to run the Deployment Packager are as follows: Windows operating systems: see www.sophos.com/en-us/products/endpoint/endpoint-protection/ components/management-console/system-requirements.aspx Disk space: 1 GB Memory: 1 GB Processor: 2 GHz Pentium or equivalent You should also be aware of system requirements for the packaged endpoint components. See www.sophos.com/en-us/products/all-system-requirements.aspx. 5

Sophos Deployment Packager 4 Create packages using the graphical user interface Use the graphical user interface for one-off deployment. You can create installation packages for the following features: Endpoint protection package with anti-virus, Remote Management, Firewall, and patch management. Encryption package, if your license includes encryption. 6

user guide 4.1 Create a protection package using the GUI 1. To create a protection package, run DeploymentPackager.exe. The Sophos Deployment Packager dialog box is displayed. Note: Sophos NAC has been retired as of August 31, 2014. For more information, see knowledgebase article 121321. 2. In Source folder, specify the location of the central installation directory containing the endpoint software installation files. This may be a UNC path or a local folder. 3. Under Package Endpoint Protection components, select from the following: Remote Management System (RMS) This installs and enables the Sophos Remote Management System, which allows Enterprise Console to control Endpoint Security and Control. For Managed systems you must enable this component. Note: When you select this option, endpoints obtain their updating path and credentials from Enterprise Console through RMS. 7

Sophos Deployment Packager Firewall This installs the Sophos Client Firewall. Note: If you want to install this option, check endpoint system requirements at www.sophos.com/en-us/products/all-system-requirements.aspx. Patch This installs Sophos Patch Agent.You must also enter the address where the Management server is installed under Management Server URL. The address must be a fully qualified domain name. Example: http://<server name>. If you select this option, you can choose the Operating system type. In Include selected components do one of the following: To include the selected components in the deployment package, click In the package. To download selected components from the update source, click Configure AutoUpdate to download components. Note: The endpoint installer is unable to use a proxy server. If the update location is accessed through a proxy server, then the required endpoint components must be included in the package. If you select Remote Management System (RMS) and then click In the package in Include selected components, the updating details are obtained from Enterprise Console. 4. In Operating system type, choose which operating system type to package. This option is only applicable if Patch is being installed from the deployment package. If you choose either 32-bit or 64-bit, the package can be installed only on specific 32-bit or 64-bit operating systems. If you choose 32-bit and 64-bit, the package can be installed on both 32 and 64-bit operating systems, but the package size will be large. 5. In Installation type, select how the installation program will run on endpoint computers. Select Silent: the program runs without any user interaction. The installation progress is not displayed on the endpoint computer. Select Non-interactive: the program runs without any user interaction. The installation progress is displayed on the endpoint computer. Select Interactive: the program runs with user interaction. The user can control the installation. 6. In Additional setup parameters, specify endpoint setup installation options. Always specify group membership using the -g option so that each installer is specific to and sets up endpoints to be members of existing groups. The packager does not check these options for errors. For further information, see www.sophos.com/en-us/support/knowledgebase/12570.aspx. 7. In Output package, specify the destination path for the output installer package.you can also specify an optional filename; if this is not supplied, the Deployment Packager will use a default filename. 8

user guide 8. In the Updating panel, for indirectly-managed endpoint packages or where remote management is enabled but not included in the package, enter the update path and credentials. You may set ":<port number>" after an HTTP URL; if unset, this defaults to 80. Note: Ensure all the components that are selected can be updated from the update location you specify (for example, Patch). If a different location is used for components, you can configure it as a secondary update location. Credentials are obfuscated in the package; however, accounts set up for endpoints to read update server locations should always be as restrictive as possible, allowing only read-only access. Endpoints will attempt to use their system proxy settings only if set using the environmental variables http_proxy or all_proxy. Proxy settings in Windows Control Panel Internet Options or Internet Explorer are ignored. _proxy variable values take the format _proxy=[protocol://][user:password@]host[:port], for example http_proxy=http://user:password@proxy:8080 9. Click Build Package to build the self-extracting archive. 4.2 Create an encryption package using the GUI Make sure that the endpoints have been prepared for full disk encryption installation. For further information, see the Sophos Enterprise Console quick startup guide, section "Prepare to install encryption software". The guide is available at www.sophos.com/en-us/support/documentation/enterprise-console.aspx. In particular, make sure that: The Sophos protection software has been installed on the endpoints (anti-virus, Remote Management). Third-party encryption software has been uninstalled on the endpoints. 1. To create an encryption package, run DeploymentPackager.exe. The Sophos Deployment Packager dialog box is displayed. 2. In Source folder, specify the location of the central installation directory (<CID>\ENCRYPTION) containing the endpoint encryption software installation files. This may be a UNC path or a local folder. 3. Select Package Disk Encryption. This installs full disk encryption on the endpoint computers. 4. In Operating system type, choose which operating system type to package. If you choose either 32-bit or 64-bit, the package can be installed only on specific 32-bit or 64-bit operating systems. If you choose 32-bit and 64-bit, the package can be installed on both 32 and 64-bit operating systems, but the package size will be large. 5. In Installation type, select how the installation program will run on endpoint computers. Select Silent: the program runs without any user interaction. The installation progress is not displayed on the endpoint computer. Select Non-interactive: selecting this option has no effect when creating an encryption package and will install as interactive on the endpoint computer. 9

Sophos Deployment Packager Select Interactive: the program runs with user interaction. The user can control the installation. 6. In Additional setup parameters, specify endpoint encryption setup installation options. The packager does not check these options for errors. For further information on the parameters, see www.sophos.com/en-us/support/knowledgebase/12570.aspx. 7. In Output package, specify the destination path for the output installer package.you can also specify an optional filename; if this is not supplied, the Deployment Packager will use a default filename. 8. Click Build Package to build the self-extracting archive. 10

user guide 5 Create packages using the command line interface Use the command line interface for repeated deployment. You can create installation packages for the following features: Endpoint protection package with anti-virus, remote management, Firewall, and patch management. Encryption package if your license includes encryption. 5.1 Create a protection package using the CLI Before using this section, read Create a protection package using the GUI (page 7). To run the Deployment Packager in command line mode, use the following format as a minimum: DeploymentPackager.exe -cli -mng yes -cidpath <CIDpath> -sfxpath <SFXpath> -crt R where <CIDpath> is the path to the relevant central installation directory and <SFXpath> is the path of the output package. -crt R automatically removes third-party protection software. The packager returns a value of zero when run successfully and non-zero for an error condition, together with a message to standard error method (stderr). Command-line options You can also use other command line qualifiers, as listed below. -mng yes Enable Remote Management. -mngcfg Specify path to custom Remote Management configuration files. -scf Install Sophos Client Firewall. -patch <Management Server URL> Install Sophos Patch Agent with the Management Server address. The address should be a fullyqualified domain name. Example: http://<server name>. -sauonly Include Sophos AutoUpdate only (chosen remote management and firewall components are downloaded from the update source). If this option is not selected, chosen components are included in the package. -arch <32bit, 64bit> 11

Sophos Deployment Packager Specify the architecture of the package you want to create, either 32-bit or 64-bit. Note: This option is only applicable if Patch is being installed from packaged CID. If you choose 32-bit or 64-bit the package can be installed only on specific 32-bit or 64-bit operating systems. If you do not specify any architecture, a single package is created which can be installed on both 32 and 64-bit operating systems, but the package size will be large. -updp <update_path> Updating path. -user <username> -pwd <password> Username and password. The packager obfuscates these in the package. However, if you are saving a Deployment Packager command line with clear username and password in a text or batch file, ensure that it is secure. -opwd <obfuscated_password> Obfuscated password. For information on how to obfuscate passwords, see Knowledge Base article Obfuscating the username and password at www.sophos.com/en-us/support/knowledgebase/13094.aspx. -s Silent installation. -ni Non-interactive installation. Other options Any other options are packaged to be run with the installer setup file. 5.2 Create an encryption package using the CLI Before using this section, read Create an encryption package using the GUI (page 9). Make sure that the endpoints have been prepared for full disk encryption installation. For further information, see the Sophos Enterprise Console quick startup guide, section "Prepare to install encryption software". The guide is available at www.sophos.com/en-us/support/documentation/enterprise-console.aspx. In particular, make sure that: The Sophos protection software has been installed on the endpoints (anti-virus, Remote Management). Third-party encryption software has been uninstalled on the endpoints. To run the Deployment Packager in command line mode, use the following format as a minimum: DeploymentPackager.exe -cli -cidpath <CIDpath> -sfxpath <SFXpath> -diskenc where <CIDpath> is the path to the central encryption installation directory (<CID>\ENCRYPTION) and <SFXpath> is the path of the encryption output package. -diskenc enables encryption. 12

user guide The packager returns a value of zero when run successfully and non-zero for an error condition, together with a message to standard error method (stderr). Command-line options You can also use other command line qualifiers, as listed below. -arch <32bit, 64bit> Specify the architecture of the package you want to create, either 32-bit or 64-bit. If you do not specify any architecture, the package will include the installation files for both 32 and 64-bit operating systems. -nocheck The paths to the central installation directory and to the output packages are not checked for correctness. -nodetect Disables detection of third-party encryption software. -s Silent installation. 13

Sophos Deployment Packager 6 Technical support You can find technical support for Sophos products in any of these ways: Visit the SophosTalk community at community.sophos.com/ and search for other users who are experiencing the same problem. Visit the Sophos support knowledgebase at www.sophos.com/en-us/support.aspx. Download the product documentation at www.sophos.com/en-us/support/documentation/. Open a ticket with our support team at https://secure2.sophos.com/support/contact-support/support-query.aspx. 14

user guide 7 Legal notices Copyright 2013 2014 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner. Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information