In the SafeGuard Management Center, on the Tools
menu, click Configuration Package Tool.
Select Standalone client packages.
Click Add Configuration Package.
Enter a name of your choice for the configuration package.
Specify a Policy Group which must have been created
beforehand in the SafeGuard Management Center to be applied to the
Under POA Group, you can select a POA user group to
be assigned to the endpoint. POA users can access the endpoint for
administrative tasks after the SafeGuard Power-on Authentication has been
activated. To assign POA users, the POA group must have been created
beforehand in the Users and Computers area of the
SafeGuard Management Center.
If the currently active company certificate in the SafeGuard Enterprise
Database differs from the one on the endpoints that should receive the new
configuration package, select the appropriate CCO
(Company Certificate Change Order).
Note: Deployment of the new configuration package on the endpoint will fail,
if the currently active company certificates in the SafeGuard Enterprise
Database and on the endpoint do not match and no appropriate
CCO is included.
Under Key Backup Location, specify or select a
shared network path for storing the key recovery file. Enter the share path
in the following form: \\network computer\, for example
\\mycompany.edu\. If you do not specify a path here,
the end user is prompted to name a storage location for this file when first
logging on to the endpoint after installation.
The key recovery file (XML) is needed to enable recovery of Sophos
SafeGuard protected endpoints and is generated on each Sophos SafeGuard
Note: Make sure to save this key recovery file at a file location accessible
to the helpdesk. Alternatively, the files can be provided to the
helpdesk by different mechanisms. This file is encrypted by the company
certificate. It can therefore be saved to any external media or to the
network to provide it to the helpdesk for recovery purposes. It can also
be sent by e-mail.
Specify an output path for the configuration package (MSI).
Click Create Configuration Package.
The configuration package (MSI) has now been created in the specified directory. You now need to
distribute and deploy this package to the endpoints.