I’’’’m not able to disable the POA in my policies created using the SafeGuard Enterprise Management Center 5.4.0.152. Under the Machine Settings policy I have chosen NO for Enable Power-on Authentication and created my Policy package with these settings. I’’’’ve applied them to my test machine, but I’’’’m still presented with a POA logon screen rather than going straight to the Windows logon screen. Clients that are reporting to the server are not getting updated policies when I make the changes to their group. I have some machines where I have to fix the MBR in order to get past the Sophos wall paper. I have run Check Disk on all the machines to ensure the hard drive is good. I have a laptop that has the client and policy installed, but the encryption process never starts. I cannot find a log file to tell me what is going on. Any help would be appreciated. :1349

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Need help with SafeGuard Enterprise

RBC827 over 15 years ago

I’’’’m not able to disable the POA in my policies created using the SafeGuard Enterprise Management Center 5.4.0.152.
1. Under the Machine Settings policy I have chosen NO for Enable Power-on Authentication and created my Policy package with these settings. I’’’’ve applied them to my test machine, but I’’’’m still presented with a POA logon screen rather than going straight to the Windows logon screen.
Clients that are reporting to the server are not getting updated policies when I make the changes to their group.
I have some machines where I have to fix the MBR in order to get past the Sophos wall paper. I have run Check Disk on all the machines to ensure the hard drive is good.
I have a laptop that has the client and policy installed, but the encryption process never starts. I cannot find a log file to tell me what is going on.

Any help would be appreciated.

This thread was automatically locked due to age.

Parents

0 AndyB over 15 years ago
1. If you run RSOP agains both the computer and user does it confirm that POA is disabled?
If you are not using POA or Device Encryption, why don't you use the package _withoutde which does not include this module? Therefore, even if your policy states that POA and encryption should be enabled nothing will actually happen until you either manually update the package or push if via a software distribution method. This works quite well for desktop systems (assuming your requirement is not to encrypt the hard discs of your boxs)
2. Have you checked the Status of the SGN Client to see if there are any packets stuck in the queue? If there are can you open your web browser to http://servername/SGNSrv and run the tests?
Can you ping your server?
Was the configuration package created using the short or fully qualfied DNS name of our server?
If you can't get rid of the packets in the queue and you can communciate with the SGN server, you may want to reboot the server (assuming other clients have the same issue); sometimes if you have the database offloaded to another box and they reboot at different times; say the application server comes up before the database, policy settings may not go through until the app server is rebooted with the database available.
3. It is best practice to run chkdsk against all clients that you are installing SafeGuard on, even though typically I have found this necessary on systems you intend to encrypt.
4. There is a registry key you can flip to get verbose logging out of SafeGuard but you will need to send this to Sophos Support to be investigated: http://www.sophos.com/support/knowledgebase/article/108779.html
Again, check your packets in the queue and that you can talk to the SGN server.
Check that the MSI you installed was the client which included the DE module.
:1911
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 AndyB over 15 years ago
1. If you run RSOP agains both the computer and user does it confirm that POA is disabled?
If you are not using POA or Device Encryption, why don't you use the package _withoutde which does not include this module? Therefore, even if your policy states that POA and encryption should be enabled nothing will actually happen until you either manually update the package or push if via a software distribution method. This works quite well for desktop systems (assuming your requirement is not to encrypt the hard discs of your boxs)
2. Have you checked the Status of the SGN Client to see if there are any packets stuck in the queue? If there are can you open your web browser to http://servername/SGNSrv and run the tests?
Can you ping your server?
Was the configuration package created using the short or fully qualfied DNS name of our server?
If you can't get rid of the packets in the queue and you can communciate with the SGN server, you may want to reboot the server (assuming other clients have the same issue); sometimes if you have the database offloaded to another box and they reboot at different times; say the application server comes up before the database, policy settings may not go through until the app server is rebooted with the database available.
3. It is best practice to run chkdsk against all clients that you are installing SafeGuard on, even though typically I have found this necessary on systems you intend to encrypt.
4. There is a registry key you can flip to get verbose logging out of SafeGuard but you will need to send this to Sophos Support to be investigated: http://www.sophos.com/support/knowledgebase/article/108779.html
Again, check your packets in the queue and that you can talk to the SGN server.
Check that the MSI you installed was the client which included the DE module.
:1911
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data