Command line parameters used by Setup.exe
This article provides information that applies to Sophos installations on either physical or virtual systems.
Known to apply to the following Sophos product(s) and version(s)
Sophos Endpoint Security 9.7
Sophos Endpoint Security and Control 9.7
For Sophos installations that are running on a physical (i.e. non-virtual) machine or system:
You can perform customized installations of endpoint software (Sophos Anti-Virus, Sophos Remote Management System, Sophos Client Firewall and Sophos NAC) on Windows computers by running the setup.exe program from a command line. This allows you to deploy endpoint software to your network using a startup script and the installation method of your choice, as well as invoking some of the special features described below.
For Sophos products installed on a virtual machine or system:
You can embed an installation of endpoint software on Windows computers by running the setup.exe program from a command line. This allows you to deploy to your network using a startup script. This will ensure that when you create a new virtual machine from the template library that it installs the specified anti-virus software, helping you ensure that all new virtual machines are properly protected.
See also Best Practice guide to running Sophos on virtual systems
Location
By default, setup.exe is located in the root directory of each update location. In Enterprise Console or Enterprise Manager, this is at \\servername\Sophos Update\CIDs\Sxxx\[package name]
NOTE: The Setup.exe file in the update location can be used with command line parameters. The Setup.exe file version that comes with the standalone installer package of Sophos Endpoint Security does not support extra parameters.
Command line parameters:
Example: SETUP [-mng yes|no] [-scf] [-nac http://<NACSERVERADDRESS>] [-crt R] [-updp <path>] [-user <username>] [-pwd <password>] [-mngcfg <RMS config path>] [-compname <computername>] [-compdesc <computerdescription>] [-domain <domainname>] [-G <groupname>] -s -ni -?
| Parameter | Default | Description |
|---|---|---|
| -mng yes|no | yes | Is the computer to be managed? |
| -scf | Install Sophos Client Firewall (Windows 2000+) | |
| -patch http://<MANAGEMENTSERVERADDRESSr> | Installs Sophos Patch agent and specifies the address of the Sophos management server. Only available with version 10+. | |
| -nac http://<NACSERVERADDRESS> | Installs network access control and specifies the address of the Sophos NAC server | |
| -crt R | Removes third-party security software automatically | |
| -updp <path> | <location of setup.exe> | Location of the primary CID from where the computer will get its updates. |
| -user <username> | blank | Account for accessing the primary CID location. |
| -pwd <password> | blank | Password for the above account. |
| -ouser <username> | Obfuscated account name for accessing the CID location, if required. | |
| -opwd <password> | Obfuscated password. | |
| -mngcfg <RMS config path> | <location of Setup.exe> | Location of the RMS configuration files. |
| -compname <computername> | Specify a computer name to override the one used in Windows. This name will appear in Enterprise Console. Notes:
| |
| -compdesc <computerdescription> | Specify a computer description to override the one used in Windows. This description will appear in Enterprise Console. | |
| -domain <domainname> | Specify a domainname to override that on the client. This name will appear in Enterprise Console/ Manager. | |
| -G \<nameofserver>\<Groupname> | Specifies the group (set up in Enterprise Console/ Manager) to which the computer will belong.
Example: "\[SecServerName]\TopLevelGroup\Group" | |
| -rlogin | Start reinstallalation on Windows 95/98/Me computers from login scripts. | |
| -login | Start installation on Windows 95/98/Me computers from login scripts. | |
| -s | No | Perform installation silently. |
| -ni | No | Perform a non-interactive installation. |
| -? | Display command line parameter help. |
Setup.exe can return one of the following values:
| Value | Description |
|---|---|
| 0 | Installation was successful. |
| 1 | A command line parameter value is missing or an unrecognized parameter was specified. |
| 2 | Verification of the AutoUpdate package failed. The package files did not match the manifest. |
| 3 | AutoUpdate was already installed. |
| 4 | AutoUpdate does not support this operating system. |
| 5 | AutoUpdate requires Internet Explorer 5.0 or above; the system does not have this version of IE. |
| 6 | Installation of AutoUpdate failed. |
| 7 | Some file that was required could not be found e.g. an RMS configuration file or Sophos AutoUpdate.msi |
| 99 | Some other error occurred. |
Note: If you run an unknown parameter, the following error message will be displayed:
Setup
Could not find resource string 122
If you do not click 'OK', this message will close automatically after 60 seconds.
Setup.exe requires a directory named 'sau' to exist in the same directory as itself. This directory must contain a valid Sophos AutoUpdate package including manifest.dat (required by setup.exe) and cidsync.upd (required by the AutoUpdate installation).
Setup.exe creates the file 'Sophos ES setup.log' in the %TEMP% directory of each installed computer, where information and errors are logged. Information generated by the Windows Installer during the installation of AutoUpdate is also logged here. Each time setup is run, any previous log file is deleted.
Example usage
The following table shows a few examples on how to construct a command line installation of Sophos endpoint security software.
| I want to... | Command |
|---|---|
| Display the usage options... | setup.exe -? |
| Install the basic endpoint software and manage the client (install the Remote Management System component; install the firewall; detect and remove 3rd party security software; update from "myServer"; obfuscate the credentials... | setup.exe -mng yes -scf -crt R -updp \\myServer\Sophos\CIDs\S000\savscfxp\ -ouser SIhvF6vRtcGyG0mpJWdvIAc= |
| Same as above but also install the Sophos Patch agent (only available with version 10+)... | setup.exe -mng yes -scf -crt R -updp \\myServer\Sophos\CIDs\S000\savscfxp\ -ouser SIhvF6vRtcGyG0mpJWdvIAc= |
If you need more information or guidance, then please contact technical support.
- Article ID: 12570
- Created: 10 Feb 2005
- Last updated: 10 Feb 2012
