1. Enable write protection
- Log in to SafeConsole with an Admin account.
- Go to the Policies tab.
- Choose the Domain/OU for the users you want to manage.
- Scroll to the Write Protection policy.
- Check Enable Write Protection on devices.
- On the drop-down, select "Activated when outside your Trusted Zone".
2. Configure ZoneBuilder Policy in SafeConsole
- Enable ZoneBuilder in the policy.
- Configure Trusted Network for the devices you want to have write access.
- For more information, see Trusted Zone using ZoneBuilder and Trusted Network.
Devices outside the Trusted Zone, which in this case means any client without the client certificate installed, are now restricted to read-only.