Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 7581 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Safeguard POA and Resetting Passwords

DBC

Hello,

I am running Sophos Safeguard 5.6 and using full volume based device encryption on laptops.  I am pretty sure the answer to this is no but thought I would ask the question anyway.  We have a product called fastpass that allows our network users to reset/unlock or change their own password with the normal (answer and few security questions scenario)  my question is really for remote users.  If they take their laptop home and forget their password they can reset it through the website or the product also installs into the windows GINA and puts a button on the login screen.  However this would mean nothing to the POA stage right? as it will always want the previous network password.. and in the past when a network password has been reset and I use our admin login to get past their POA screen to avoid the C/R stage -  when it gets through to windows and you try to log them on with their new password, Sophos still wants to know their old windows password anyway which they dont know?  The only way I have found is to delete their Cert on the management server.

Could anybody please respond to let me know what you have found to be the best method for rolling out device encryption and the various scenario's that come with it.  Just looking for some advice really as we are about to roll out a lot of Laptops for users to start working from home.  Thank you

:23817


This thread was automatically locked due to age.
Parents
  • 0

    The place where I work I just got done doing a POC deployment and we're headed to the live rollout stage soon.  The best way to handle those scenarios where the user can't log in remote and needs to is to have a backup POA user in place and do a challenge/response for it's logon for issues.  Only they're in you can resync any policies or password changes as long as the server is available to the system, even over the internet.  We had our .NET developers create a self-service web on our private intranet page for this that basically submits and checks AD password, checks group memberhsip for user to make sure they're allowed to do this (if no throw a failure error), if yes issue new cert with new password and add them to the hostname.  SOPHOS has an API that facilitates this.  Our policy will be to have users reset/resync their accounts with AD if anything gets out of sync or has issues and get the new SG policy.

    :24193
Reply
  • 0

    The place where I work I just got done doing a POC deployment and we're headed to the live rollout stage soon.  The best way to handle those scenarios where the user can't log in remote and needs to is to have a backup POA user in place and do a challenge/response for it's logon for issues.  Only they're in you can resync any policies or password changes as long as the server is available to the system, even over the internet.  We had our .NET developers create a self-service web on our private intranet page for this that basically submits and checks AD password, checks group memberhsip for user to make sure they're allowed to do this (if no throw a failure error), if yes issue new cert with new password and add them to the hostname.  SOPHOS has an API that facilitates this.  Our policy will be to have users reset/resync their accounts with AD if anything gets out of sync or has issues and get the new SG policy.

    :24193
Children
No Data
Unfiltered HTML