Using ConfigCID.exe to implement XML configuration file changes

  • Article ID: 13112
  • Updated: 26 Sep 2014

The command line utility ConfigCID.exe enables you to implement configuration changes contained in endpoint software XML configuration files, by modifying the catalog files in your update location (Central Installation Directory, or CID). Your computers will then update themselves with their new configuration from the XML configuration files.

Sophos AutoUpdate (the updating component of endpoint software) uses catalog files called cidsync.upd to determine which files it should download from an update location (CID). When you add XML configuration files (e.g. those created with ExportConfig.exe) to your update locations, you must update the catalog files to ensure that your XML files are used. The knowledgebase article on ExportConfig.exe describes how to create, and where to place, configuration XML files.

Known to apply to the following Sophos product(s) and version(s)
Sophos Update Manager
Sophos Enterprise Manager 4.7.0
Enterprise Console 5.2.1
Enterprise Console 5.2.0
Enterprise Console 5.1.0
Enterprise Console 5.0.0
Enterprise Console 4.7.0
Enterprise Console 4.5.0

What to do

Locating the utility

  • Enterprise Console 4.x: C:\Program Files\Sophos\Enterprise Console\SUM\
  • Enterprise Console 5 (upgraded from version 4): C:\Program Files\Sophos\Enterprise Console\SUM\
  • Enterprise Console 5 (fresh install): C:\Program Files\Sophos\Update Manager\

Note: On 64-bit computers 'Program Files' is 'Program Files (x86)'.

Running the utility

Note: To run ConfigCID.exe, you must have write access to the update location and be a local administrator on the management server.

  1. On the server with the Sophos Management Service, open a command prompt (Start | Run | Type: cmd.exe | Press return).
  2. Change directory to the correct folder as shown above.
  3. Type the utility's name followed by the path to the distribution folder.  Example:
    configcid \\[servername]\SophosUpdate\CIDs\S000\SAVSCFXP\

    Note: Replace 'S000' with the actual subscription folder name and 'SAVSCFXP' with the package folder name.

Running the utility on a non-Sophos Management Service PC

Using version or later of ConfigCID.exe:

  1. On the management server, launch Regedit.exe and navigate to the following location:
    32-Bit: HKLM\Software\Sophos\Certification Manager\CertAuthStore\
    64-bit: HKLM\Software\WOW6432Node\Sophos\Certification Manager\CertAuthStore\
  2. Right-click on CertAuthStore and export to a '.reg' file.
    Note: If you intend to import the file on a different platform architecture (for example, use an exported registry file from a 32-bit computer on a 64-bit computer), you will need to edit the reg file in Notepad, changing the path in the square brackets to match the paths shown in step 1.
  3. Import the reg file on the computer you intend to run ConfigCID.exe on. 
  4. Ensure that the access rights to the registry key are the same or equivalent to those set on the management server. In particular, only SYSTEM and Administrators should have access to the key.
  5. Securely destroy the exported reg file immediately after it has been used.

Note: If the CertAuthStore changes on the server with the Sophos Management Service for whatever reason (a clean re-install of Sophos Enterprise Console or a problematic migration), it must also be updated on the computer running ConfigCID.exe.
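
The check in step 4 can be scripted. The following PowerShell is an added example, not part of the original article or of any Sophos tool: it reads the access list on the CertAuthStore key at the two paths given in step 1 and reports any principal other than SYSTEM and Administrators that is granted access. The function name Test-CertAuthStoreAcl is hypothetical. Run it from an elevated prompt on the computer where the reg file was imported.

```powershell
# Added example: audit the ACL on the imported CertAuthStore key (step 4).
# The two key paths come from step 1; the function name is hypothetical.
function Test-CertAuthStoreAcl {
    $paths = @(
        'HKLM:\Software\Sophos\Certification Manager\CertAuthStore',
        'HKLM:\Software\WOW6432Node\Sophos\Certification Manager\CertAuthStore'
    )
    # Well-known SIDs, so the check also works on non-English Windows:
    # S-1-5-18 = Local System, S-1-5-32-544 = BUILTIN\Administrators.
    $allowed = 'S-1-5-18', 'S-1-5-32-544'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $found   = $false

    foreach ($path in $paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $found = $true
        $acl = Get-Acl -LiteralPath $path
        # Explicit and inherited entries, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $allowed -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Key       = $path
                    Sid       = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
    if (-not $found) { throw 'CertAuthStore key not found; import the reg file first.' }
}

$findings = @(Test-CertAuthStoreAcl)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Error 'CertAuthStore grants access to principals other than SYSTEM and Administrators.'
    exit 1
}
Write-Output 'CertAuthStore ACL: only SYSTEM and Administrators are granted access.'
```

Entries reported with Inherited set to True come from a parent key, so removing them means disabling inheritance on CertAuthStore rather than deleting a single entry.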

Technical Information

Before modifying the update location and the catalog files that it contains, ConfigCID.exe performs some checks to ensure this can be done safely. ConfigCID.exe then adds, removes, or changes the entries in the catalog files for the XML files. Networked computers will then download the new configuration on their next scheduled update.

If you receive an error stating "Failed to open catalog...", see article 113640.

Error "Failed to read signing key"

Released with Sophos Update Manager version 1.4.2, ConfigCID.exe has been updated (version with a security enhancement ensuring files. The tool must now be run on the server that has the CertAuthStore key; this will be the server with the Sophos Management Service. This key can be imported to another server if required.

If you run the tool on Windows Server 2008 or later, an elevated command prompt is required. To open one, follow the steps below:
  1. Click Start
  2. All Programs
  3. Accessories
  4. Right Click on Command Prompt and choose Run As Administrator.

Changes in Sophos Auto Update 2.9.0 regarding customer files

In order to update successfully, you must use version (and later) of ConfigCID.exe. From Sophos Auto Update version 2.9.0 (shipped with the 10.2.4 Endpoint package), files that are changed in or added to a CID require a signature. If a signature is missing, the update will fail for that package; see article 118821.

If you need more information or assistance, please contact technical support.
