To import system policies (e.g. to deactivate the GINA chain repair mechanism) on a SafeGuard Enterprise Client, the system policy must be signed with the company certificate of the SafeGuard Enterprise Database first.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Management Center
What To Do
To sign a file with the SafeGuard Enterprise Company Certificate, open the SafeGuard Enterprise Management Center and authenticate with a Security Officer who is allowed to open the "Options" dialog and has the right to sign files with the SafeGuard Enterprise Company Certificate.
Within the SafeGuard Enterprise Management Center, open the Options dialog by navigating to "Tools" -> "Options" and select the "Certificates" tab.
Click on "Sign File for Policy Cache..." and choose the file that should be signed with the SafeGuard Enterprise Company Certificate.
A dialog box will confirm the signing process of the file:
The new signed file will be placed to the same location as the source file and will be named %original_file_name%_signed.xml.
Example: When signing a source file called "deactivate_ginachainrepair.xml", the signed file will be named "deactivate_ginachainrepair_Signed.xml" and could now be used to import into a SafeGuard Enterprise Client.
The signed version of the system policy can now be imported to the SafeGuard Enterprise Client:
- On the SafeGuard Client, copy the file to the import folder
- on Windows XP C:\Documents and Settings\All Users\Application Data\Utimaco\SafeGuard Enterprise\Import
- on Windows Vista / Windows 7: C:\ProgramData\Utimaco\SafeGuard Enterprise\Import
- From %WINDIR%\system32\, locate the tool "SGMCmdintn.exe", and run it with -i switch (import) from the commandline: "
SGMcmdintn.exe -i deactivate_ginachainrepair_Signed"
The system policy will now be imported into the SafeGuard Client policy cache and should disappear from the import folder.