Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 5866 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with POA and SGN guest users

Stymin

Hi,

I'm using Safeguard enterprise 5.50. I've got problems with activating POA on machines wich fall under domain .Auto Register folder.  The POA settings of the policy group which is assigned to this folder and activated for .Authenticated Computers says:

  Enable Power On authentication - Yes

  Forbid Guest user - No

  Import of new users allowed for - Nobody

However after installing SGN clilent and rebooting computer POA is never activated. SGN treats all (domain) users who log onto the computer as a guest users. That means that also keys and certificate is not transferred to the computer for logged in users.

Machine is able to contact SGN server. It is in fact encrypting the drives (as also other policy - related to drive encryption was assigned to .auto registered folder).

When checking RSOP for the machine and users who are logging in it shows that POA should be activated (however it is not). Users are not on any service account list.

I've tried to change POA policy to:

  Forbid Guest user - YES

  Import of new users allowed for - Nobody

but changing it ths way I'm unable logging to windows (at GINA level) and I've got prompt: Your current Safeguard settings doesn't allow you to login.  (or similar)

Do you know how to solve the issue and force POA to activate?

:6821


This thread was automatically locked due to age.
  • 0

    Hi Stymin,

    please try to activate the option: "Import of new users allows owner" and check if this has an positive impact.


    Regards

    Dan

    :6955
  • 0

    Hi Daniel,

    Thanks and yes, this would do the trick. I've used this as a work around. However I don't think this is complete resolution. As far as i remember, if configuration above ( Forbid Guest user - YES,   Import of new users allowed for - Nobody) would be assigned at the domain level (not on .Auto registered folder) it would assign SGN user and activate POA (but i might be mistaken).

    Regards

    :6987
  • 0

    Hi Stymin,

    thank you very much for the feedback - I will quickly retest and see how my system behaves. Please note that I will carry out my tests using SafeGuard Enterprise 5.50.8 which is the latest released version available.

    Regards

    Dan

    :6991
  • 0

    Hi Stymin,

    I can reproduce the behavior and will now check internally what the behavior should be. However, it seems as if the description is misleading and the feature is working as expected.


    I will post as soon as there is any update.

    Regards
    Dan

    :6995
Unfiltered HTML