Converting Sophos batch into PowerShell

This topic contains 6 replies, has 3 voices, and was last updated by Jeff Scharfenberg 1 month, 1 week ago.

  • #55735
    Jeff Scharfenberg
    Participant

    We have been using a batch script, still recommended by Sophos, to install Sophos on new computers and PCs. We really don't like the clear text of batch, as most people shouldn't at this point. The Sophos install script is quite simple as shown below....

    \\chmis3.hc.henrycrown.com\SophosUpdate\CIDs\S003\SAVSCFXP\setup.exe -user USERNAME -pwd PASSWORD -mng yes -updp \\chmis3\SophosUpdate\CIDs\S003\SAVSCFXP

    PAUSE

    In trying to convert this over to PowerShell with my end goal to use secure hashes or lookups for the username and password through LDAPS, I am having the hardest time converting everything to run as it should.

    Here is my code:

    #declare Sophos Autoupdate Variables
    $SophosUpdateX86 = Test-Path 'C:\Program Files\Sophos\AutoUpdate\ALsvc.exe'
    $SophosUpdateX64 = Test-Path 'C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe'

    #declare Sophos Installation Variables
    $SophosInstallX86 = Test-Path 'C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig'
    $SophosInstallX64 = Test-Path 'C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig'

    #Set Username and Password as variables
    $username = "DOMAIN\USERNAME"
    $password = 'PASSWORD'|ConvertTo-SecureString -AsPlainText -Force
    $Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$password

    #Set variable for Sophos install
    $program = "\\SERVER\SophosUpdate\CIDs\S003\SAVSCFXP\Setup.exe /k"

    # Check for an existing installation of Sophos AutoUpdate on 32-bit or 64-bit
    # Check for installation files of Sophos on 32-bit or 64-bit
    # If all fail, Install Sophos from CHMIS3
    If (!($SophosUpdateX64 -or $SophosUpdateX86 -or $SophosInstallX64 -or $SophosInstallX86)){
        &$program -Credential $Cred -updp "\\SERVER\SophosUpdate\CIDs\S003\SAVSCFXP -mng yes"
    }

    The check part is successful, but getting the executable to run as a user isn't working. That is the end part that doesn't seem to work no matter how I change the position of -Credential or placement.

    Any help would be much appreciated. It's not pleasant that Sophos itself still recommends putting domain admin username and passwords in batch scripts.

    thanks,

  • #55739
    David W Knight
    Participant

    The '&' method of executing a process doesn't accept the -credential parameter. It looks like the setup executable is expecting the -user and -pwd parameters rather than trying to pass it a PowerShell credential object.

    Once you have your PowerShell credential in $cred, you can build the parameters to be passed as a string and pull the username and password parts out of the credential object:

    $params = "-user $($cred.username) -pwd $($cred.GetNetworkCredential().password) -mng yes -updp \\chmis3\SophosUpdate\CIDs\S003\SAVSCFXP"
    & $program $params | out-null
    

    The purpose of the pipe to 'out-null' is to ensure the script waits for it to complete before proceeding.

  • #55742
    Jeff Scharfenberg
    Participant

    I will try your method. Thanks for giving me the better knowledge of the '&' method not accepting credentials. Great for future use. I'm fairly new so bear with me a bit...but learning...QUICKLY!! 🙂

    PS makes my head hurt after a couple hours....

  • #55747
    Jeff Scharfenberg
    Participant

    I think this is on the right path... I see you made a variable out of taking values from variables and putting them inside.
    It runs, but doesn't fill in the user and pw for updating, and fails to install with what still look like user errors. 🙁
    And I used my own credentials as the variables which just worked to fully install using the batch script 10 minutes ago. So it seems like it's not taking still.

  • #55750
    Jeff Scharfenberg
    Participant

    Is there any way I could make command console open up and run the entire string as one? It's possible that separating the 2 strings is causing an issue. And when I do combine them into 1 variable it fails. But calling command console to open and run the string I think would do it.

  • #55751
    Matt Howard
    Participant

    Instead of putting the username and password in the script you could use Get-Credential. This will prompt for the username and password to be used. You can then use David's suggestion of parsing the $cred object.

    So your username/password block would look like this:

    $cred = Get-Credential

    Then your params variable would look the same as David suggested.

  • #56417
    Jeff Scharfenberg
    Participant

    I think using the Get-Credential would be fine but I'm having a hard time using any variables inside the cmd.exe line.

    Here is what I have so far.

    #Set Sophos password taken from User and set $Cred as the password
    $Password = Get-Credential -Credential hc\sophos
    $Cred = $Password.GetNetworkCredential().password
    
    # Check for an existing installation of Sophos AutoUpdate on 32-bit or 64-bit
    # Check for installation files of Sophos on 32-bit or 64-bit
    # If all fail, Install Sophos from CHMIS3
    If (!($SophosUpdateX64 -or $SophosUpdateX86 -or $SophosInstallX64 -or $SophosInstallX86)){
        Set-Location \\Chmis3\SophosUpdate\CIDs\S003\SAVSCFXP\
        cmd.exe Setup.exe -updp "\\Chmis3\SophosUpdate\CIDs\S003\SAVSCFXP" -user hc\sophos -pwd $Cred -mng yes
    }
    Exit
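An added example, not code from any poster in this thread: one way to combine the suggestions above so that each installer switch reaches Setup.exe as its own argument, with no cmd.exe wrapper and no password stored in the script. The function name `Get-SophosSetupArgument` is hypothetical, `\\SERVER` and `DOMAIN\USERNAME` are the thread's placeholders, and only the switches already shown in the thread are used.

```powershell
# Added example. The function name is hypothetical; paths and switches are the thread's.
function Get-SophosSetupArgument {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $UpdatePath
    )
    # One array element per token. PowerShell hands each element to a native
    # program as its own argument; a single "-user x -pwd y ..." string would
    # reach Setup.exe as ONE quoted argument instead of separate switches.
    @(
        '-user', $Credential.UserName
        '-pwd',  $Credential.GetNetworkCredential().Password
        '-mng',  'yes'
        '-updp', $UpdatePath
    )
}

$cid   = '\\SERVER\SophosUpdate\CIDs\S003\SAVSCFXP'   # placeholder server name
$setup = Join-Path -Path $cid -ChildPath 'Setup.exe'

# Same presence checks as the script in the thread.
$markers = @(
    'C:\Program Files\Sophos\AutoUpdate\ALsvc.exe'
    'C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe'
    'C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig'
    'C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig'
)
$installed = $markers | Where-Object { Test-Path -LiteralPath $_ }

if (-not $installed) {
    # Prompt at run time so no password is stored in the script file.
    $cred      = Get-Credential -Credential 'DOMAIN\USERNAME'
    $setupArgs = Get-SophosSetupArgument -Credential $cred -UpdatePath $cid

    # Call operator plus splatting; piping to Out-Null makes PowerShell wait.
    & $setup @setupArgs | Out-Null
    $exitCode = $LASTEXITCODE

    # Release the reference to the plaintext password once the call returns.
    Remove-Variable -Name setupArgs

    # Assumption: Setup.exe follows the usual convention of 0 = success.
    if ($exitCode -ne 0) {
        Write-Error "Setup.exe exited with code $exitCode"
    }
}
```

The password is still present on Setup.exe's command line while the installer runs, so it is visible to anything that records process command lines on that machine. Prompting with Get-Credential removes it from the script file, not from the process arguments.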
    
