Recommended Practices for Deploying Sophos SG 6.1


I am currently in the middle of a Sophos deployment and wanted to automate as much as possible. I am new to this product, as I used Symantec's PGP before. So I may be posting redundant information here, but I have looked around the forum and haven't found a process for the current product.

Our process is as follows:

  1. Install, Fuse, Sophos SGE during post imaging
  2. Boot up & manually drag config ZIP file onto Sophos preferences
  3. Techs then enter local admin account pw & then user's acct & pw for encryption (which I don't think is good practice, but somehow feel it is set up this way for AD purposes. If someone can explain this better, I would appreciate it.)
  4. Machine reboots & activation/decryption is started.

What I would like to accomplish is a practice where less manual work is involved, and less end-user interaction upon deploying the machine.

I've looked around at the Activate Sophos script, but that doesn't answer the manual process of dragging the config ZIP file.

If anyone can point me to any documentation or links, it would be great.



Contributor II

There is a command to import the config file in a script. I am just using device encryption, and for that Fuse is not needed.

After SafeGuard is installed, run sgdeadmin in Terminal. You will get all the command-line help, and there is an import command to bring in the config file.

I have not done this yet because I am having a server-side issue on the recovery end. I am using the enterprise product and as such need SafeGuard servers. But I am a large Windows shop so I also have this.

Seems that they use the NetBIOS name to track the machine server side. And this does not work properly on the Mac. It needs to report the name as and mine are reporting name.local. But it works fine with AD. If you don't have this issue, you should be able to use Composer to package the config file, place it on their Mac, and then run the sgdeadmin import command.

I will be back in the office on Tuesday and try this and let you know.


Thanks @MikeF, I will be looking at this. At least if I can skip the step of dragging the file, that would save time, and just booting the machine to the password dialog will help.

New Contributor III

I am using this one:
A policy to deploy Sophos. Trigger is recurring check-in, execution frequency once every day.
Scope to the machines which do not have Sophos installed, so it will keep on installing Sophos until it succeeds.
Silly, but works like a charm.