Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 12139 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote install Full Disk Encryption

MauriceByrd

I'm planning a rollout of Sophos Full Disk Encryption to a mobile database.  From the management console can I push out the installation to the client machines?  They are all joined to a Windows domain.  Many connect over a VPN connection to access domain resources.  It's impractical to have all the users travel back to the office in order to have a tech perform the installation. 

This Sophos newbie apologizes if this question has been answered previously.  I wasn't able to find the question when I searched the KB.

Thanks,

m-

Edit: We will be installing SafeGuard Enterprise in order to take advantage of the management server.  Initially, only the FDE will be deployed.

:51788


This thread was automatically locked due to age.
  • 0

    Try section 9.5.3 here: http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sgn_61_ig_eng_installation.pdf?la=en

    You cant use Sophos Management Center to deploy encryptions - however as the installation files are MSI's you can deploy them via a batch file or any other distribution method of your choice. You just need to make sure when the PC restarts the Windows can still access the MSI's so hosting them on a mapped drive might not work.

    Also before the encryption Sophos suggest you run a chkdsk which will complicate matters a little.

    Finally I dont think the hard drive starts encrypting until after the user logs on (I might be wrong here). The first user to log onto the device will be added as a user in the Power On Authentication so be wary of this too. Other users will need to be added manually, either on the device or using the console.

    As we only use laptops we have had to have a technician onsite for each install. If you manage to get them rolled out centerally let me know - would be interesting to hear how you get on.

    :51810
  • 0

    Thanks for the knowledge, SimonUOL.

    Sounds like the initial installation will be the most challenging piece of the rollout for us.  Most of the users are remote and depend on wireless connectivity for Internet access and VPN for connecting to company resources.   With no budget for travel, it's not likely that I can have someone onsite. I might be able to do the install via a Logmein session.

    :51842
  • 0

    You can definetly perform the installation using any remote support tool you wish. Just remember that the first person to log in after the MSI files have been installed will be tied to that device as its owner.

    Even though the accounts are tied the POA is seperate to the Windows log in screen and so users will need to be manually added to the encryption in order to log onto the device. The first person to log on after Sophos Safeguard has been installed will be automaticly added to the POA - however subsiquent users will need to be added by a user that has already been added to the POA.

    (This process is straight forward enough; the user enters their log in credentials and unticks "Pass through log-on to Windows".)

    if you are installing the software remotely you will need to make sure a nominated individual is availible at the other end who would be happy to add the other users to the encryption.

    :51854
Unfiltered HTML