Converting Sophos batch into powershell

We have been using a batch script, still recommended by Sophos, to install sophos on new computers and pcs. We really don’t like the clear text of batch, as most people shouldn’t at this point. The sophos install script is quite simple as shown below…

\\SophosUpdate\CIDs\S003\SAVSCFXP\setup.exe -user USERNAME -pwd PASSWORD -mng yes -updp \chmis3\SophosUpdate\CIDs\S003\SAVSCFXP


In trying to convert this over to powershell with my end goal to use secure hashes or lookups for the username and password through LDAPS, I am having the hardest time converting everything to run as it should.

Here is my code:

#declare Sophos Autoupdate Variables
$SophosUpdateX86 = Test-Path ‘C:\Program Files\Sophos\AutoUpdate\ALsvc.exe’
$SophosUpdateX64 = Test-Path ‘C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe’

#declare Sophos Installtion Variables
$SophosInstallX86 = Test-Path ‘C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig’
$SophosInstallX64 = Test-Path ‘C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig’

#Set Username and Password as variables
$username = “DOMAIN\USERNAME”
$password = ‘PASSWORD’|ConvertTo-SecureString -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$password

#Set variable for Sophos install
$program = “\SERVER\SophosUpdate\CIDs\S003\SAVSCFXP\Setup.exe /k”

Check for an existing installation of Sophos AutoUpdate on 32-bit or 64-bit

Check for installation files of Sophos on 32-bit or 64-bit

If all fail, Install Sophos from CHMIS3

If (!($SophosUpdateX64  -or  $SophosUpdateX86   -or $SophosInstallX64 -or $SophosInstallX86)){
        &$program -Credential $Cred -updp "\\SERVER\SophosUpdate\CIDs\S003\SAVSCFXP -mng yes"

The check part is successful, but getting the executable to run as a user isn’t working. That is the end part that doesn’t seem to work no matter how i change the position of -Credential or placement.

Any help would be much appreciated. It’s not pleasant that sophos itself still recommends putting domain admin username and passwords in batch scripts.


The ‘&’ method of executing a process doesn’t accept the -credential parameter. It looks like the setup executable is expecting the -user and -pwd parameters rather than trying to pass it a PowerShell credential object.

Once you have your PowerShell credential in $cred, you can build the parameters to be passed as a string and pull the username and password parts out of the credential object:

$params = "-user $($cred.username) -pwd $($cred.GetNetworkCredential().password) -mng yes -updp \\chmis3\SophosUpdate\CIDs\S003\SAVSCFXP"
& $program $params | out-null

The purpose of the pipe to ‘out-null’ is to ensure the script waits for it to complete before proceding.

I will try your method. Thanks for giving me the better knowledge of the ‘&’ method not accepting credentials. Great for future use. I’m fairly new so bare with me a bit…but learning…QUICKLY!! :slight_smile:

PS makes my head hurt after a couple hours…

I think this is on the right path… I see you made a variable out of taking values from variables and putting them inside.
It runs, but doesn’t fill in the user and pw for updating, and fails to install with what still look like user errors. :frowning:
And I used my own credentials as the variables which just worked to fully install using the batch script 10 minutes ago. So it seems like it’s not taking still.

Is there any way I could make command console open up and run the entire string as one? It’s possible that seperating the 2 strings is causing an issue. And when I do combine them into 1 variable it fails. But calling command console to open and run the string I think would do it.

Instead of putting the username and password in the script you could use Get-Credential. This will prompt for the username and password to be used. You can then use David’s suggestion of parsing the $cred object.

So your username/password block would look like this:

$cred = Get-Credential

Then your params variable would look the same as David suggested.

I think using the Get-Credential would be fine but i’m having a hard time using any variables inside the cmd.exe line.

Here is what I have so far.

#Set Sophos password taken from User and set $Cred as the password
$Password = Get-Credential -Credential hc\sophos
$Cred = $Password.GetNetworkCredential().password

# Check for an existing installation of Sophos AutoUpdate on 32-bit or 64-bit
# Check for installation files of Sophos on 32-bit or 64-bit
# If all fail, Install Sophos from CHMIS3
If (!($SophosUpdateX64  -or  $SophosUpdateX86   -or $SophosInstallX64 -or $SophosInstallX86)){
	Set-Location \\Chmis3\SophosUpdate\CIDs\S003\SAVSCFXP\
	cmd.exe Setup.exe -updp "\\Chmis3\SophosUpdate\CIDs\S003\SAVSCFXP" -user hc\sophos -pwd $Cred -mng yes