After much searching and testing I have finally managed to make a successful Windows 7 compatible install script for Sophos Version 10.
REM — Check for an existing installation of Sophos AutoUpdate on 32-bit (the ‘Sophos AutoUpdate Service’ process)
IF EXIST “C:\Program Files\Sophos\AutoUpdate\ALsvc.exe” goto _End
REM — Check for an existing installation of Sophos AutoUpdate on 64-bit (the ‘Sophos AutoUpdate Service’ process)
IF EXIST “C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe” goto _End
REM — Check for an existing installation of Sophos Anti-Virus on 2003/XP (the SAV adapter config file)
IF EXIST “C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig” goto _End
REM — Check for an existing installation of Sophos Anti-Virus on Vista+ (the SAV adapter config file)
IF EXIST “C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig” goto _End
REM — Check for servers not to install to
REM — if %COMPUTERNAME% == SERVER1 goto _End
REM — Deploy to Windows 2000/XP/2003/Vista/Windows7/2008/2008-R2
xcopy \\sophosserver.domain.local\SophosUpdate\CIDs\S000\SAVSCFXP c:\sophosinstaller /e /i /h
setup.exe -s – ni -mng yes -crt R -updp \\sophosserver.domain.local\SophosUpdate\CIDs\S000\SAVSCFXP -user “domain\user” -pwd “H2d4swBHrpiq92CUfrhS6ubJueAOS” -g “\sophosserver\NewComputers”
rmdir c:\sophosinstaller /s /Q
REM — End of the script
Copy and edit this script as you need to, then save it as a something like “sophosinstall.bat”. Move that new .bat file to your NETLOGON folder eg. “\\domain.local\NETLOGIN\”.
Now create a GPO and link it to where the computer objects that you want to be affected are located.
Edit that GPO to create a computer StartUp script. Add in your newly created script.
Here is a link to show you all the keys for the Sophos installer.
I made my script use the Startup script option because Startup scripts run as “Admin” and also don’t prompt for UAC. This is key for its completion.
I also had major problems with executing the file from an UNC path. Hence why i get the script to first copy it down and then do the install there after delete the files. Perhaps I’ll work on getting that to work later.
There is a way that you can hide the username and password in the script if you need to. However i couldn’t get this to work correctly. Again this is for another day.
Use this link to try get it to work.
I couldn’t find the .exe file on my server and the one i downloaded seems to present me with incompatible data.