This article provides information on the Sophos tool 'ExportPrivateStore.exe'.
Note: For Enterprise Console 5.2 and later, this tool is no longer supported. Instead the tool 'DatabackupRestore.exe' should be used as part of server to server migrations or as part or routine backups of the system.
First seen in
Enterprise Console 4.0.0
What is the 'Private Store'?
When you enter account information into the console:
- Your Sophos-issued download credentials for Sophos Update Manager (SUM).
- Windows user account credentials that endpoints use to update from the central share.
- Windows user account that SUM uses to write to remote shares.
- Windows user account used to query Active Directory (when you have enabled AD synchronization).
...it is securely saved in the registry of the Sophos Management Server, in the 'Private Store'.
What is the 'ExportPrivateStore.exe' tool?
The 'ExportPrivateStore.exe' tool is a command line program. It can securely export all Private Store information from a management server installation. This information can then be imported back into the registry later on.
This tool is useful in migration and disaster recovery situations.
Shouldn't I use the DataBackupRestore.exe tool instead?
The DataBackupRestore.exe tool is the preferred and recommended method of backing up and restoring the Private Store. However it is not always possible to use the tool (where indicated in other knowledgebase articles) and hence this tool is still available.
What are the command line parameters for the tool?
-i, --import : Adds items from the specified file to the private store
-e, --export : Exports items from the private store to the specified file
-d, --delete : Deletes the contents of the private store (USE WITH CAUTION!)
-f, --force : Overwrite the existing file when exporting
OR overwrite existing items when importing
OR suppress confirmation when deleting
-s, --sync-settings : Include AD synchronization settings
-v, --version : Display version information
-h, --help : Shows this message
Is there a certain level of Windows security permission required to run the tool?
Yes. This program will work only when executed as LocalSystem.
To do this, download PsExec and prefix the command line with
Where can I download the tool from?
Use the links below to download the correct version of the tool for the console version you have installed. You will need your MySophos credentials.
Can you give me an example of how to use the tool with PsExec?
- Download the PsExec and the correct version of ExportPrivateStore for your console (see table above).
- Extract the ExportPrivateStore tool to the default location (i.e., for SECv5.1 the folder is:
- Copy PsExec.exe into the C:\sec_51\tools\ folder.
- Open a command prompt (Start | Run | Type:
cmd.exe | Press return).
- Change directory to the folder (i.e.,
psexec.exe -s C:\sec_51\tools\ExportPrivateStore.exe -e C:\sec_51\tools\SophosPS-export.xml
Note: The full paths to the tool and where to save the output XML file are required as using 'PsExec.exe -s' actually makes the active folder of the command prompt 'C:\Windows\system32\'.
The Private Store is has now been securely exported to an XML file called 'SophosPS-export.xml' the 'C:\sec_51\tools\' folder.