1. Enable write protection
- Login to SafeConsole with an Admin account.
- Go to Policies tab.
- Choose the Domain/OU for the users you want to manage.
- Scroll to Write Protection
- Check Enable Write Protection on devices.
- On the drop down select "Activated when outside your Trusted Zone"
2. Configure ZoneBuilder Policy in SafeConsole.
- Enable ZoneBuilder in the policy
- Configure Trusted Network for devices you wish to have write access.
- For more information see Trusted Zone using ZoneBuilder and Trusted Network.
This now restricts devices outside the Trusted Zone, which in this case is any clients without the client certificate installed, to be read only. For further information on ZoneBuilder with certificates please click the following link.