Sophos Anti-virus upgrade to Endpoint 9.5

I am currently deploying, to a schedule, a Sophos Endpoint upgrade to ICTST managed computers using Altiris Notification Server.

The installation has already deployed to OUCS computers managed by ICTST, so far with no failures and no negative reports.

Today I started piloting it on ICTST managed computers in Libraries and OUED (Estates).  I think it should be Ok but the install is not completely silent: annoyingly there are a couple of windows that pop up briefly towards the end, but they don’t take focus off of the user’s active window.

More information:

1. New Upgrade

From the end of November 2010, ICTST will be deploying a new version of the Sophos Anti-Virus client. The current version 7 will very soon be end of life and the Sophos support for it will end on 31st March 2011.

The new Sophos anti-virus client used by the ICT Support Team to protect their managed Windows computers is called “Sophos Endpoint Security and Control, version 9.5”, or simply “Endpoint 9.5”.

2. Roll-out to Windows computers managed by the ICT Support Team

During the roll-out the installation is mostly silent, but some small progress windows will flash up briefly during update activity towards the end.

The whole installation should be finished in around 10 minutes.

Depending on the configuration of your computer you will see some or all of the following icons and notifications during and after the installation and auto-update processes. It is important that if the “Your computer might be at risk” message / icon is not cleared automatically within a few minutes that you log an Incident with the helpdesk at

3. Errors

If any errors are encountered during the upgrade, or if the shield icon is not visible at all after about 15 minutes, please take a screenshot of any errors and log an incident with the helpdesk at

Posted in Work | Tagged , , , , | Comments Off on Sophos Anti-virus upgrade to Endpoint 9.5

OUCS Help Centre PCs Image

Currently I’m working on a new image for the OUCS Help Centre PCs.  Each year the Lecture room images in OUCS are updated, and a couple of months later the Help Centre ones are too: the image is very closely based on the Lecture room one.

The process, very roughly is:

1.  Using Altiris DS, create a folder containing all the updates and software that is to be included in the main image that will be delivered to every computer.  Therefore nothing that has unique GUIDs, or per unique per-computer settings, like the KeyServer client and WSUS ID (although actually I do setup the WSUS and run the Updates from a script before the image is taken, I do re-generate a unique WSUS ID afterwards) .  Also Anti-Virus is not stored in the main image, because major engine updates can cause problems to an image that is re-delivered in the future.

2.  Deliver a scripted XP install to an example of the Help Centre hardware.  Follow this with all the software collated in [1] above.

3.  Reduce the newly created main disk partition by 51GB (I use GParted), then use the Altiris hidden partition creator to create a 50GB partition and install WinPE 2 bootworks into it.

4.  Sysprep and take an image of the disk, ensuring that Slots 1 & 2 are both included in the image – the default image upload will only take the first partition into the image.

5.  Create a folder in Altiris DS containing the job to deliver the new main image, then deliver per machine or post image components, including Anti-Virus.  The next job in this folder is to automatically upload an image using the bootworks partition to the hidden partition.  This makes rebuilding the computers a doddle and means minimum network usage required when rebuilding.  The last jobs in this folder are post build tasks, such as updating Adobe Reader / plug-ins etc, updating AV, WSUS settings, any other post build automated tasks.  The tasks at the end will grow throughout the year as more things are required, but some of them will be assimilated into the main build the following year, as some will be this year from last year.

6.  At this stage the new folder of jobs can be delivered to all the Help Centre computers.

7.  A new set of jobs will be created as well that will just tell the bootworks partition to deliver the hidden image back to the main partition, then deliver the same extra jobs added to the end of the delivery at [5] above.

Blimey it sounds simple when you say it quick, but each build and image stage test [2], [3] and [4] above, can take nearly a whole day per attempt, so forgetting to include that little thing can cost a whole days effort.  This is another reason why there is the opportunity to add jobs to the build delivery at the later stages.

That’s me busy for the next week or so!


Posted in Work | Tagged , , , , , | Leave a comment

Hello world!

Hi, the intention of this blog is to brain-dump things to do with my role in the University, which is mainly providing apps packaging and deployment services to OUCS, Libraries and UAS.

Hope to speak again soon!


Posted in Play, Work | Leave a comment