This tutorial describes information on how to deploy Sophos Central endpoint software to Windows computers using common automated software deployment methods. It provides a couple of examples to cover common deployment methods.
First login to Sophos Central Admin, download the installer SophosSetup.exe. Go to Protect Devices > under Endpoint Protection > select Download Windows Installer.
Deploy the SophosSetup.exe to your endpoints through one of the automated deployment methods discussed below.
Place the SophosSetup.exe under shared folder, then create a batch file call SPInstall.bat for executing as follow:
SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL
Replace the \\path\to\shared as your actual folder
There is 2 method I have used to deploy Sophos Endpoint Software
1. Using Active Directory (AD) startup script
To deploy the script via Active Directory, you can either create a new group policy or you can edit an existing one. The steps below shows creating a new group policy:
On Domain Controller, Open Group Policy Management > Click Create a GPO in this domain, and Link it here….
Edit GPO, go to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown), Right click Startup > Properties > Add > Browse > Copy the SPInstall.bat to Startup > Open > Ok
Please ensure that your computer must be under the correct OU, in this tutorial the policy scope will apply to PolicyPreCheck OU
At the Client side, Open Command Prompt > gpupdate /force to get the new Policy. You need to restart the computer to take effect also. After Computer restart your computer is protected by Sophos Endpoint Security. The deploy time will take up to 12 minutes, it depends on your internet connection speed, to reduce the amount of time and save internet bandwidth refer to this article Sophos Endpoint – Saving Internet Bandwidth Using Update Cache and a Message Relay.
2. Another HOT step by using the third party deployment tool PDQ Deploy (Free Edition)
Download PDQ Deploy from https://www.pdq.com/ , then install.
Open PDQ Deploy, Create New Package for deployment
At Install File > browser and Open the previous batch script, click Save to finish.
Right-click Created Package > Deploy Once
Choose Targets > Active Directory
Assign the Computer to the Targets then click OK > click Deploy Now button
Reboot your Computer after the deployment to get Sophos to work properly.