The 'User is allowed to create a local key' policy object is grayed out and cannot be configured.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Management Center
What To Do
This setting is a machine setting, and therefore must be defined at the top level of all possible encrypted drives. This means that the policy needs to be set to "
File based encryption" for "
Local Storage Devices"
After that, the setting will no longer be greyed out and can be configured.
Note: File Based encryption policies that are defined for boot volumes will have no effect with regards to the encryption status. This means that the "User is allowed to create local key" setting will be applied but no file based encryption for that device will be started.