Prepare the installation script


  • Endpoints must have been prepared for encryption.

  • Decide which encryption package and features you want to install.

To install the encryption software centrally:

  1. Create a folder called Software to use as a central store for all applications.
  2. Use your own tools to create a package to be installed on the endpoints. The package must include the following in the order mentioned:
    Package Description
    Pre-installation package SGxClientPreinstall.msi

    (Windows 7 only)

    The mandatory package provides the endpoints with the necessary requirements for a successful installation of the current encryption software, for example the required DLL MSVCR100.dll.

    Note: If this package is not installed, installation of the encryption software is aborted.
    Encryption software package For a list of available packages see Installing packages and features.
    Configuration package for endpoints Use the configuration packages created before in SafeGuard Management Center. Different configuration packages need to be installed for managed and unmanaged endpoints, see Creating configuration packages. Make sure that you delete any old ones first.
  3. Create a script with the commands for the pre-configured installation. The script must list which features of the encryption software you want to install, see Feature parameters for ADDLOCAL option. Open a command prompt, and then type the scripting commands. For the command-line syntax, see Command line options for central installation.
  4. Distribute this package to the endpoints using company software distribution mechanisms.

    The installation is executed on the endpoints. The endpoints are then ready to be used with SafeGuard Enterprise.

  5. To activate Power-on Authentication, restart the endpoint twice. Restart once more to perform a backup of the kernel data on every Windows boot. Make sure that the computer is not put into hibernation, sleep or hybrid sleep mode before the third restart to successfully complete the kernel backup.
Additional configuration may be required to ensure that Power-on Authentication (POA) functions correctly on each hardware platform. Most hardware conflicts can be resolved using the Hotkeys built into the POA. Hotkeys can be configured in the POA after installation or by an additional configuration setting passed to the Windows Installer command msiexec. For further information, see Sophos knowledgebase articles 107781 and 107785.