If you have received a Sophos Disk Encryption system policy from Sophos Support or downloaded one from the knowledge database, it must, for security reasons, be signed with the Company Certificate of the current Sophos Endpoint Security and Control environment before the client will accept it.
This article explains how to sign a system policy with the current company certificate.
Known to apply to the following Sophos product(s) and version(s):
Beta Endpoint Security and Control 10.0 (encryption)
Sophos Disk Encryption 5.61.0
Before you start, make sure that you have the requirements to perform the action. You need:
Download and extract the SignFileWithCompCert.zip file, then copy SignFileWithCompCert.vbs and the system policy (e.g. deactivate_ginachainrepair.xml) to a temporary location (e.g. C:\temp\) on the machine that has Sophos Enterprise Console 10.1 installed.
Open a command prompt and use the SignFileWithCompCert.vbs to sign the system policy with the Company Certificate using the following syntax:
The script now signs the specified system policy with the Company Certificate of the environment and displays "Signing the System Policy was successful." The signed system policy is saved in the same location as the original policy, under the same name as the original policy with the "_Signed.xml" extension.
To apply the system policy to the client machine, copy the signed system policy into the Sophos Disk Encryption Client's import folder in the LocalCache:
On the Sophos Disk Encryption Client, locate the tool "SGMCmdIntn.exe" in %WINDIR%\system32\ and run it with -i from the command line:
The signed system policy should now disappear from the import folder and be applied to the client.