Note – the below example is used with Sophos Enterprise. It will also work with SBE but you will need to modify the batch file accordingly.
Step 1: Create GPO
Create a GPO and link it at the appropriate place in active directory.
Note – by default this GPO will apply to authenticated users. You may wish to change this.
Step 2 – Create Batch File
Edit the GPO. Navigate to the below folder and click on the “show files” button.
In the window create a text document as shown below.
Open the text document and paste in the below. Change the values <server> to the server where sophos is installed, <username> to an account with privileges to install Sophos and <password> to the password for this account.
REM — Check for an existing installation of Sophos AutoUpdate
if exist “C:\Program Files\Sophos\AutoUpdate\ALsvc.exe” goto _End
if exist “C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe” goto _End
REM — Deploy to Windows
\\<server>\SophosUpdate\CIDs\S000\ESXP\setup.exe -user <username> -pwd <password> -mng yes
REM — End of the script
Save the document.
Rename the text file installsophos.bat – note that you might need to edit the folder properties to view the .txt extension which must be changed to .bat
Step 3 – Add batch file to GPO
Finally add the batch file to the GPO using the “add” button as shown below.