Known to apply to the following Sophos product(s) and version(s) SafeGuard Device Encryption
Operating System Operating System independent
Question What is the difference between the SafeGuard Enterprise Service Account User and the POA user?
Answer SafeGuard Enterprise supports two kinds of “support users”: 1. “Service-Users” also called “Service Account Users”.
Service Account Users are users that are defined on a Service Account List (SAL). The Service Account List is centrally created in the SafeGuard Enterprise Management Center and deployed via policy.
The users on the Service Account List do not activate the POA - they will not be imported into the POA. This means that these users will not be able to login in at POA level at any time. The role of these users is to maintain machines “before” they are handed over to a designated users.
2. “POA Users” also called "Rollout Accounts".
POA users are only available at POA level and not under Windows! Although these users have a dedicated password and a certificate, they do not activate the POA. The role of these users is to maintain machines with an active POA.
POA users were initially designed for unmanaged clients but as of version 5.60 they are also available for managed clients. Distribution is done either via the configuration package (unmanaged) or centrally in the Management Center (managed clients).
Both types of user are only intended for maintenance purposes.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.