This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 61%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi
I need to install sophos AV when new VM's are added to a host pool.
I can't script sophos installs via AIB as the application needs dynamic data from the Sophos Cloud Management Console to generealise the image and this is a manual job.
As such I am planning to deploy Sophos when a VM is added to a host pool via "ARM Template File URL":
However I have no idea how to script this .json file in order for this to work, I have googled quite a lot and this is the closer I got:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2018-06-01",
"name": "[concat(parameters('vmName'),'/CustomScriptExtension')]",
"location": "[resourceGroup().location]",
"properties": {
"publisher": "Microsoft.Compute",
"type": "CustomScriptExtension",
"typeHandlerVersion": "1.10",
"autoUpgradeMinorVersion": true,
"settings": {
"fileUris": [
"https://mystoracc.file.core.windows.net/scripts/sophos_install.ps1"
],
"timestamp": 202101021
},
"protectedSettings": {
"commandToExecute": "powershell.exe -ExecutionPolicy Unrestricted -File sophos_install.ps1"
}
}
}
]
}
But still not working.
I understand that the .json file should be stored on a blob and then the blob referenced on the AVD Post update custom configuration.
Any help would be awesome please!
Thanks all
Hi Everyone,
little help here please, can I have some pointers to how the template and parameter file should look like?
Thanks
@SenhorDolas , thank you for your question. Can you please try and create a SAS URI for the Azure Storage blob as described here and use the full URI in the ARM Template file URL field?
@SRIJIT-BOSE-MSFT
I can create the sas URI OK. My problem is the template file and template parameter format which I can’t grasp the correct format.
Would you be able to point me to an example.
All I need is to start a powershell script that is already stored on the machine or if I can downloaded the script and executable from my blob storage and run on the VM have adding to the host pool.
Many thanks
@SenhorDolas , thank you for your response. Please refer to this article for detailed information on Custom Script Extension schema. Please check if this helps.
Additional information:
Hi @SRIJIT-BOSE-MSFT
Thanks for your response however my problem is I cannot find a suitable template file/parameter file that will be accepted by the AVD wizard.
All I am looking for is a working example which I can build on.
Can you help me with this please?
@SenhorDolas , sorry for the delayed response.
Can you please check this out: https://github.com/DeanCefola/Azure-WVD/tree/master/WVDTemplates/WVD-NewHost/customimage ?
@SenhorDolas , sorry for the delayed response.
We are working with our internal teams on this. We shall update the thread as soon as we have more information.
@SRIJIT-BOSE-MSFT
I have a working json to create a folder but what I really need is that Sophos.exe is installed on deployment of the host.
Is this possible with CSE?
Thanks, M
So Dean has
},
"protectedSettings": {
"commandToExecute": "[concat ('powershell -ExecutionPolicy Unrestricted -File ', variables('firstFileName'), ' ', variables('arguments'))]"
}
If my script is in C:\source\sophos\sophos_install.ps1 how would I declare this on the script?
Thanks, M
Hi @SenhorDolas ,
you could try this (not tested by myself):
"protectedSettings": {
"commandToExecute": "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -command "C:\source\sophos\sophos_install.ps1""
}
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
Thanks, I will test this ASAP and return results in. :)
Hi,
in general it's very disappointing that URL fields don't accept SAS tokens. Sometimes it's desired to not expose sensitive data in param file.
Are there any plans to start supporting it?
Thank you
Regards
Martin