It appeared to me I earlier misunderstood the Trusted User policy option. I thought it allowed certain users to install new applications or run unknown executables, but it does not.
Instead, a Trusted User is allowed to unlock the CLI and enable the update mode, without having to type a password.
The command:
CLI > sadmin recover
Is to unlock Solidcore. Afterwards the update mode can be initiated by "sadmin bu" (shortcut for begin-update). "sadmin recover" prompts for a password that can be set in ePO. The password prompt is thus disabled for trusted users, so they can do "sadmin bu" at any time.
No comments:
Post a Comment