Create configuration package for unmanaged endpoints

  1. In the SafeGuard Management Center, on the Tools menu, click Configuration Package Tool.
  2. Select Standalone client packages.
  3. Click Add Configuration Package.
  4. Enter a name of your choice for the configuration package.
  5. Specify a Policy Group which must have been created beforehand in the SafeGuard Management Center to be applied to the endpoints.
  6. Under POA Group, you can select a POA user group to be assigned to the endpoint. POA users can access the endpoint for administrative tasks after the SafeGuard Power-on Authentication has been activated. To assign POA users, the POA group must have been created beforehand in the Users and Computers area of the SafeGuard Management Center.
  7. If the currently active company certificate in the SafeGuard Enterprise Database differs from the one on the endpoints that should receive the new configuration package, select the appropriate CCO (Company Certificate Change Order).
    Note: Deployment of the new configuration package on the endpoint will fail, if the currently active company certificates in the SafeGuard Enterprise Database and on the endpoint do not match and no appropriate CCO is included.
  8. Under Key Backup Location, specify or select a shared network path for storing the key recovery file. Enter the share path in the following form: \\network computer\, for example \\mycompany.edu\. If you do not specify a path here, the end user is prompted to name a storage location for this file when first logging on to the endpoint after installation.

    The key recovery file (XML) is needed to enable recovery of Sophos SafeGuard protected endpoints and is generated on each Sophos SafeGuard protected endpoint.

    Note: Make sure to save this key recovery file at a file location accessible to the helpdesk. Alternatively, the files can be provided to the helpdesk by different mechanisms. This file is encrypted by the company certificate. It can therefore be saved to any external media or to the network to provide it to the helpdesk for recovery purposes. It can also be sent by e-mail.
  9. Specify an output path for the configuration package (MSI).
  10. Click Create Configuration Package.

The configuration package (MSI) has now been created in the specified directory. You now need to distribute and deploy this package to the endpoints.