1. Enable write protection

  • Login to SafeConsole with an Admin account.
  • Go to Policies tab.
  • Choose the Domain/OU for the users you want to manage.
  • Scroll to Write Protection
  • Check Enable Write Protection on devices.
  • On the drop down select "Activated when outside your Trusted Zone"

2. Configure ZoneBuilder Policy in SafeConsole.

This now restricts devices outside the Trusted Zone, which in this case is any clients without the client certificate installed, to be read only. For further information on ZoneBuilder with certificates please click the following link