Sophos SafeGuard Disk Encryption for Mac: Power-On Authentication can be turned off permanently

  • Article ID: 116814
  • Updated: 29 Jan 2014

As of Sophos SafeGuard Disk Encryption for Mac 6.0.x it is now possible to deactivate the power-on authentication permanently. 

A deactivated POA keeps the partitions encrypted, but does not require interactive authentication at pre-boot. This enables e.g. the use of unannounced operating system boot-ups via Wake-on Lan.

Please note: The security of SafeGuard Encryption 6.0.x for Mac is lowered in this POA state, as POA boot does not require any user interaction.  

Known to apply to the following Sophos product(s) and version(s)
Sophos SafeGuard Disk Encryption for Mac 6.01.0
Sophos SafeGuard Disk Encryption for Mac 6.00.0


Operating systems
All supported operating systems


What To Do

The POA can be turned on and off via GUI or SGADMIN. 

Please note: Turning the POA on or off requires an additional SafeGuard admin authentication.

Via GUI:

The SGADMIN commands are:


  • sgadmin --poa on (turn on POA)
  • sgadmin --poa off (turn off POA)

WARNING: Disabling Power-on Authentication reduces the level of security for your system and is therefore not recommended!



This information is NOT valid for SafeGuard Disk Encryption for Mac version 6.10.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent