Only Applies to SafeConsole 5.0 or lower versions. 

SafeConsole Ready Devices require a reg key and certificate to be present on initialization to connect to SafeConsole.

The certificate and reg key of the SafeConsole can be pushed to the user accounts using a GPO, which will force the devices to connect to SafeConsole when they initialize.

  • An Active directory template for the reg key is located at:  https://[server]/safeconsole/res/SafeConsole.adm
  • The certificate that you need to distribute is located at:  https://[server]/safeconsole/res/SafeConsole.crt 
    • The certificate is only needed to register legacy devices before 4.8.x or for admins who will be logging into the SafeConsole Server. 


Active Directory Instructions:

These steps might differ depending on what Windows version you have installed.

  1. Download the .crt and .adm files from the above locations.
  2. Open the Group Policy Object Editor on your domain controller. You may create a new GPO or use an existing one.
  3. Add the safeconsole.adm file to User Configuration | Administrative Templates.
  4. Right-click on the administrative template and choose “View > Filtering…”.
  5. Uncheck ”Only show policy settings that can be fully managed”.
  6. Enable the SafeConsole URL. Verify that it is correct.
  7. Go to “Computer Configuration | Windows Settings | Security Settings | Public Key Policies | Trusted Root Certification Authorities”. 
  8. Choose “Import…” and browse to the SafeConsole.crt you downloaded.
  9. Make sure the GPO is distributed to the clients. Depending on your own Group Policy refresh timings you may wish to force a Group Policy refresh – , (start, run, gpupdate /force – or perform a reboot).


To check that group policy has been pushed to your workstation, you can use REGEDIT (other tools are available of course) to check the registry for the following entries:

  • “My Computer\HKEY_Current_User\Software\Blockmaster\SafeStick”
  • “My Computer\HKEY_Current_User\Software\Blockmaster\DTVPM” 

To check that the certificate has been correctly distributed, you can try to access the SafeConsole administrative interface through Internet Explorer from a client machine. If you don’t get a certificate warning the certificate has been distributed.