Issue To import system policies (e.g. to deactivate the GINA chain repair mechanism) on a SafeGuard Enterprise Client, the system policy must be signed with the company certificate of the SafeGuard Enterprise Database first.
Known to apply to the following Sophos product(s) and version(s) SafeGuard Management Center / Local Policy Editor
To sign a file with the SafeGuard Enterprise Company Certificate, open the SafeGuard Enterprise Management Center and authenticate with a Security Officer who is allowed to open the "Options" dialog and has the right to sign files with the SafeGuard Enterprise Company Certificate.
Within the SafeGuard Enterprise Management Center, open the Options dialog by navigating to "Tools" -> "Options" and select the "Certificates" tab.
Click on "Sign File for Policy Cache..." and choose the file that should be signed with the SafeGuard Enterprise Company Certificate.
A dialog box will confirm the signing process of the file:
The new signed file will be placed to the same location as the source file and will be named %original_file_name%_signed.xml.
Example: When signing a source file called "deactivate_ginachainrepair.xml", the signed file will be named "deactivate_ginachainrepair_Signed.xml" and could now be used to import into a SafeGuard Enterprise Client.
SGMcmdintn.exe -i deactivate_ginachainrepair_Signed
The system policy will now be imported into the SafeGuard Client policy cache and should disappear from the import folder.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.