Secure Wake on LAN example

The software rollout team informs the SafeGuard Enterprise security officer about a software rollout planned for September 25th, 2014 between 03:00 and 06:00 am. Two reboots are required. The local software rollout agent must be able to log on to Windows.

In the SafeGuard Management Center, the security officer creates a policy of the type Specific Machine Settings with the following settings and assigns it to the relevant endpoints.

Policy Setting Value
Number of auto logons (0 = no WOL) 5
Windows logon allowed during WOL Yes
Start of time slot for external WOL Start 24th Sept., 2014, 12:00
End of time slot for external WOL Start 25th Sept., 2014, 06:00

For further information on the individual settings, see Specific machine settings - basic settings.

As the number of autologons is set to 5, the endpoint starts 5 times without authentication through the SafeGuard POA.

Note: For Wake on LAN, we recommend that you allow three more restarts than necessary to overcome any unforeseen problems.

The security officer sets the time interval to 12 o'clock midday on the day before the software rollout. In this way, the scheduling script SGMCMDIntn.exe is started in time and WOL starts no later than the 25th September at 3:00 am.

The software rollout team creates two commands for the scheduling script:

The software rollout script is dated 25.09.2014, 03:00. WOL can be explicitly deactivated again at the end of the script by using SGMCMDIntn.exe -WOLstop.

All endpoints which log on before the 24th of September 2014 and which connect to the rollout servers will receive the new policy and the scheduling commands.

Any endpoint on which the schedule triggers the command SGMCMDIntn -WOLstart between 24th Sept. 2014, 12:00 midday and 26th Sept. 2014, 09:00 am falls within the WOL time interval and therefore Wake on LAN will be activated.