Deploying the Agent Using SMS
Using SMS 2003 for a Silent Sophos NAC Agent Installation
Deploying the Agent Using SMS 2003
Copyright 2007 Sophos Group. All rights
reserved. No part of this publication
may be reproduced, stored in retrieval
system, or transmitted, in any form or
by any means electronic, mechanical,
photocopying, recording or otherwise
unless you are either a valid licensee
where the documentation can be
reproduced in accordance with the license
terms or you otherwise have the prior
permission in writing of the copyright
owner.
All other product and company names
are trademarks or registered trademarks
of their respective owners.
Document version 3.0
Published July 2007
2
Deploying the Agent Using SMS 2003
Table of Contents
Using SMS 2003 for a Silent Sophos NAC Agent Installation.......................................................4
General Approach................................................................................................................................................... 4
Packaging the Registry Setting with the Agent Installation.................................................................................... 4
Creating an SMS Package to Deliver the EXE File................................................................................................ 8
3
Deploying the Agent Using SMS 2003
Using SMS 2003 for a Silent Sophos NAC Agent Installation
®
You can use Microsoft
you install the Quarantine Agent on Windows 98SE, you must defer the Agent installation until the next time
the endpoint starts. Use the SMS Installer utility to complete this task because SMS alone cannot defer an
installation until an endpoint restarts. This document describes how to use the SM S Installer utility to defer the
Agent installation until an endpoint restarts.
General Approach
You must complete several steps for SMS to complete a silent installation of the Agent when an endpoint
restarts. The SMS package must update a registry entry that forces the Agent in stallation to run when an
endpoint restarts. SMS pushes the package to endpoints and the package is installed immediately. This
installation is not the Agent, only the package that includes the registry update a nd the Agent installation file.
The next time the endpoint starts, the Agent installs.
In the following example, the SMS Installer utility is used to package the registry update and the Agent
installation file. This utility is available from Microsoft at http://www.microsoft.com/smserver/downloads.
System Management Server (SMS) 2003 to install the NAC Agent on endpoints. When
Packaging the Registry Setting with the Agent Installation
1. Place a copy of the Sophos NAC Agent installation MSI file in a temporary directory.
2. Open the SMS Installer utility.
3. From the Installation Attributes list , select Installation Interface.
4. Click Properties. The Installation Interface window displays.
4
Deploying the Agent Using SMS 2003
5. Click the Media tab, and then select the Single File Installation option button.
6. Click the Application tab, and then type a Software Title and Default Directory.
Note: Do not select the Place default directory und er Program Files check box.
5
Deploying the Agent Using SMS 2003
7. Click the Dialogs tab, clear the Destination Directory, and select the Select Icon Group Name check box.
8. Click OK to close the Installation Interface window.
9. From the Installation Attributes list , select Applica tion Files.
10. Click Properties. The Application Files window displays.
11. Click the Files tab, expand the drive under My Computer to display the directory where you placed the Sophos
NAC Agent installation file.
12. Click Ad d Cont ents to add this file to the Destination Computer.
6
Deploying the Agent Using SMS 2003
13. Click OK to cl ose the Application Files window.
14. From the Installation Attributes list, select User Configuration.
15. Under Summary Information, select Registry Key s, and then click Properties.
16. Click the Registry tab, expand the registry tree under My Computer to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, and then click Add
Keys.
17. Select the <default> key value, and then click Details to display the Registry Key Settings window.
18. From the Operation list box, select Create/Update key and v alue.
19. Type a Value Name and a Data Value, and then select a String from the Data Type list box.
Note: The Data Value must be ‘msiexec \i “C:\<install directory>\<AgentInstall.msi>” \qn’. The Data Type must
be String. This registry entry is the command that is run the next time the endpoint restart s after the install ation.
20. Click OK two times to close the windows and return to the main window.
21. Click Compile. A Save As window displays.
7
Deploying the Agent Using SMS 2003
22. Save the SMS Installer project as an IPF file. The following window displays the progress of the compilation of
the self-installing EXE.
Sophos NAC Agent and registry setting have now been packaged as an installable EXE file.
Creating an SMS Package to Deliver the EXE File
Once you have created an EXE for the registry entry and the Agent, you must create a SMS package to
install the software on endpoints.
1. Open the SMS Administrator MMC snap-in, and select Site Database > Collections.
2. Right-click the collection to which the package will be delivered, click All Tasks > Distribute Software to
access the Distribute Software to Collection Wizard.
8
Deploying the Agent Using SMS 2003
3. Click Next on the Welcome window.
4. Select the Create a new package and program option button. Click Next.
5. Type a Name, and then click Next.
9
Deploying the Agent Using SMS 2003
6. Select the Create a compressed version of the s ource option button, and then click Next.
7. Select the Local drive on site server. Click Browse, and then select the source directory in the Browse for
Folder window.
10
Deploying the Agent Using SMS 2003
8. Click OK to close the Browse window. You return to the completed Source File Compression window. Click
Next.
9. Select the appropriate check box to select the site server. Click Next.
11
Deploying the Agent Using SMS 2003
10. Type a name, and then click Browse. Select the EXE file you created with the SMS Installer utility, and then
click Next.
11. Select the Run with administrative rights check box, and then click Next.
12
Deploying the Agent Using SMS 2003
12. Select the Yes option button, and then click Next.
13. On the Select a Program to Advertise window, keep the default settings, and then click Next.
13
Deploying the Agent Using SMS 2003
14. On the Advertisement Target, choose to Advertise to an existing collection or a new collection. In this example,
select the Advertise this program to an existing collection radio button, and then click Browse to select the
desired collection.
15. On the Advertisement Name window, type a Name, and then click Next.
14
Deploying the Agent Using SMS 2003
16. On the Advertise to Subcollections window, you can choose to send it only to members of your collection or to
members of subcollections. In this example, keep the default option button selection to send the Agent to all
systems.
Note: If you need to only send the advertisement to a limited number of systems within a given collection, then
select the Advertise the program to members of subcollections well option button, and then click Next.
17. On the Advertisement Schedule window, as needed, change the date and time when the program will be
advertised, and then click Next.
15
Deploying the Agent Using SMS 2003
18. On the Assign Program window, keep the default settings, and then click Next.
19. Click Finish to complete the wizard.
When this wizard completes, the packa ge is advertised on SMS to be installed on all endpoints found in
the collection. When the package is installed on an en dpoint, it places a copy of the Agent installation
file in the directory that is specified in the installation program. Nothing else happens until the endpoint
is restarted. When the endpoint restarts, the command specified in the RunOnce registry entry is
executed. This command silently executes the Agent installation. When the installation successfully
completes, the NAC Agent is in stalled.
16
Loading...