Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption
Operating System independent
What is the difference between the SafeGuard Enterprise Service Account User and the POA user?
SafeGuard Enterprise supports two kinds of “support users”:
1. “Service-Users” also called “Service Account Users”.
Service Account Users are users that are defined on a Service Account List (SAL). The Service Account List is centrally created in the SafeGuard Enterprise Management Center and deployed via policy.
The users on the Service Account List do not activate the POA - they will not be imported into the POA. This means that these users will not be able to login in at POA level at any time. The role of these users is to maintain machines “before” they are handed over to a designated users. Details on creating a Service Account List can be found in the knowledgebase article: Using Service Accounts names in SafeGuard Enterprise.
2. “POA Users” also called "Rollout Accounts".
POA users are only available at POA level and not under Windows! Although these users have a dedicated password and a certificate, they do not activate the POA. The role of these users is to maintain machines with an active POA.
POA users were initially designed for unmanaged clients but as of version 5.60 they are also available for managed clients. Distribution is done either via the configuration package (unmanaged) or centrally in the Management Center (managed clients).
Both types of user are only intended for maintenance purposes.