Sophos Safeguard

Question

Hi Team, 
 We have built the SGN 8.1 Console and installed client in the test system. 
 
 We have made the encryption & decryption policy. 
 
 Now we want to assign the both policy at a time only required system are kept under decryption policy. 
 
 But when we checked the system RSOP then we are getting the result as below: 
 
 Can we change the policy execution policy priority for encryption and decryption.

MichaelMcLannahan · Accepted Answer

Hi - It is best to create a policy to allow decryption and assign this to a group. 
 Don't make computers a member of this group UNTIL to NEED to decrypt. 
 It is pointless and not recommended to assign a client/computer an encrypt AND decrypt policy at the same time. 
 
 This old post of mine may help further - community.sophos.com/.../safeguard-enterprise-8-1-decrypt-files-and-uninstall

Shweta · Answer

Hi paresh palav 
 Yes, it is possible to change the execution of the policy by selecting the policy and moving it upwards or downwards. Kindly check this link for more information. Also, kindly do not use encryption and decryption policy at once.

MichaelMcLannahan · Answer

Hi Paresh - I am assuming you're talking about encrypted with BitLocker - Right? 
 If so - I would supply the recovery company with the recovery key. They "should" know exactly how to mount a drive that's BitLocker enabled - to be honest if they don't....I wouldn't be trusting my business/data to them in the first place!

MichaelMcLannahan · Answer

Best to create a new post really Paresh - This gets quite confusing with multiple questions and answers in the same thread? 
 
 You do NOT need to decrypt in this scenario IF both systems are BitLocker - I've moved many of my clients from one to another. 
 
 You could simply update the client. Remove the old configuration, reboot and install the new. Make sure the computer is communicating with the new console. 
 
 If the client has C/R - I would NOT recommend "moving" it - remove C/R, decrypt and then treat the client as a new one. 
 If the client is Sophos encrypted - I would also NOT recommend "moving" it - Decrypt and then treat the client as a new one.

Jasmin · Answer

Hi paresh palav 
 My suggestion here is to upgrade the version of Safeguard to 8.2 from 8.0 instead of creating another server with 8.2 as you don't need to replace the certificate as well and policy will be same as previous one. 
 If you'll create another server, policies will not be exported to the new one.