Install Sophos via Group Policy

Note – the below example is used with Sophos Enterprise. It will also work with SBE but you will need to modify the batch file accordingly.

Step 1: Create GPO

Create a GPO and link it at the appropriate place in active directory.

Note – by default this GPO will apply to authenticated users. You may wish to change this.

Step 2 – Create Batch File

Edit the GPO. Navigate to the below folder and click on the “show files” button.

In the window create a text document as shown below.

Open the text document and paste in the below. Change the values <server> to the server where sophos is installed, <username> to an account with privileges to install Sophos and <password> to the password for this account.

@ECHO OFF
REM — Check for an existing installation of Sophos AutoUpdate
if exist “C:\Program Files\Sophos\AutoUpdate\ALsvc.exe” goto _End
if exist “C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe” goto _End

REM — Deploy to Windows
\\<server>\SophosUpdate\CIDs\S000\ESXP\setup.exe -user <username> -pwd <password> -mng yes

REM — End of the script
:_End

Save the document.

Rename the text file installsophos.bat – note that you might need to edit the folder properties to view the .txt extension which must be changed to .bat

Step 3 – Add batch file to GPO

Finally add the batch file to the GPO using the “add” button as shown below.

Comments 1

Leave a Reply

Your email address will not be published. Required fields are marked *