Location roaming for laptops

Some laptop users may roam extensively or internationally within an organization. When location roaming is enabled (on an updating policy for roaming laptops), roaming laptops attempt to locate and update from the nearest update server location by querying other (fixed) endpoints on the local network they are connected to, minimizing update delays and bandwidth costs.

A roaming laptop gets update server locations and credentials by querying fixed computers on the same local network. If multiple locations are returned, the laptop determines which is nearest and uses that. If none work, the laptop uses the primary (then secondary) location(s) defined in its updating policy.

Note: When fixed computers send update locations and credentials to the laptop, passwords are obscured both in transmission and storage. However, accounts set up for endpoints to read update server locations should always be as restrictive as possible, allowing only read-only access. See Specify where the software is placed.

If you want to know in more detail how location roaming works, see How does location roaming work?

Location roaming is only usable where:

You enable location roaming as part of specifying sources for updates. Location roaming should only be enabled on groups of machines that frequently move from office to office. For information on how to enable location roaming, see Change primary server credentials.

For frequently asked questions about location roaming, see Sophos knowledgebase article 112830.