Perhaps, create a winrar SFX of ENS with the following SFX commands:
;The comment below contains SFX script commands
Setup="%SystemRoot%\Temp\ENS\setupEP.exe" ADDLOCAL="fw,tp,wc" [INSTALLDIR="install_path"][/qb][/qb!][/ l*v"install_log_path"]
SetupEP command-line options (self-managed) Page 47:
Host on a windows share: either GPO policy at logon or E-Mail out the windows share link
We have created a task with all the steps required and it seems to work quite well.
Here is a screenshot:
We are still testing it. and this is the one we got to work. We are still not sure if we need the /override"hips" line, or even exactly where it should go.
Please test this yourself, and provide input.
This is an ePO deployment which we have, but I need a local manual install for when a tech wants to manually install ENS because they are under a time crunch and can't wait for ePO to deploy before disconnecting from the network or when ePO is having an issue reaching a machine because they now have a different IP address than when they first booted up (DNS issue).
Guess you will have to script it then.
1 of 1 people found this helpful
I'm working on scripting myself. I've managed a three step process I put into a batch file that installs (1) the agent (framepkg), (2) most of the suite, and (3) threat intelligence. Essentially:
setupEP.exe ADDLOCAL="tp,fw,wc" /quiet /passive
Obviously you would have to add paths to your share. To install the suite, I have had to use the "Standalone" installer, but in conjunction with the *managed* agent from your ePO server, it should be the same as an ePO deployment via modules. The 'ADDLOCAL="tp,fw,wc"' option adds in the modules after the "platform" is installed. I'm still in the testing phase on this, so your mileage may vary. Incidentally, the setupTIE.exe install tends to run quietly, but will show up as a module in the suite shortly after install.
Note, the AMCore content (DATs, essentially) probably won't be updated initially, so you'll have to make sure your installer updates your install, or it's a lead balloon.
If you're deploying the TIE module, I presume you have a TIE/DXL topology. Don't forget to include the DXL client in your scripted install so the systems can communicate with TIE. My SCCM command line for that install is just: "dxlsetup.exe /install /quiet /norestart"
Also, if your Agent Repository policy is set to update from McAfee as a fallback (this needs to be in place when you generate the FramePkg.exe installer), then connectivity isn't needed back to ePO to get the AMCore (DAT) update; they should try to contact your ePO server, and when that fails, fallback to McAfee's servers.
We're not using TIE, so I don't have to mess with it.
If you're not using TIE, then there's no need to install the TIE/ATP module into ENS, which simplifies your install. :-)