Deploying SafeGuard Enterprise to Workgroup PCs

Hi All,

I've installed and configured SafeGuard Enterprise. I've created policies, client packages, and deployed the packages to two test machines. Both machines communicate with the SafeGuard Server and download policies. They don't, however, encrypt. I see them registered in the ".Auto registered" node but I'm not sure where to go from there.

I guess a couple of questions:

1) How is user creation handled for workgroup environments? All of the guides seem to concentrate on importing user and computer objects from Active Directory, which I'm not doing. This deployment has many stand-alone workgroup computers and has no intention of deploying AD.

2) Where should I start with troubleshooting why BitLocker encryption never starts?

3) Any best practices for workgroup deployments? I don't seem to find any best practice documents that talk about workgroups.

Thanks!

  • Whoops, same here.... sorry - should have checked the link.

    Anyway, here is the relevant part from the thread: 

    Re: Enforce Data Exchange (only) on USB Removable Media for all users of a PC
    ‎Wed 18-Feb-2015 12:17
    
    Hi David,
     
    there is no need to distribute every single user to every single machine. The users auto enroll themselves during the first logon to the SafeGuard Data Exchange computers:
     
    In a scenario where SafeGuard Device Encryption (incl. POA) is used, the first user to log on in Windows is automatically registered in the SafeGuard POA. At first, no other Windows user can log on at the SafeGuard POA. Further users must be imported with the assistance of the first user.
     
    When the Device Encryption (incl. POA) is not installed, the registration process for new Users changes slightly:
     
    To allow new user registrations for every user (w/o the registered owner being present), change the policy "Specific Machine Settings | User Machine Assignment (UMA) | Allow registration of new SGN Users for" from "Owner" to "Everybody".
     
    Policy hint: Defines who is able to import another SGN user into the SafeGuard POA and/or UMA (by disabling the pass-through to the operating system).
    Note: For endpoints that do not have the Device Encryption module installed, the "Allow registration of new SGN users for" setting must be set to "Everybody" if it should be possible on the endpoint to add more than one user to the UMA with access to their key ring. Otherwise users can only be added in the Management Center.
     
    After changing the policy and synchronizing the changes to the Clients, Users that log in to a SafeGuard Data Exchange Client for the first time will be automatically listed as a "SafeGuard User" and have access to their encryption keys if the Client version is 6.10 or 7.0.
     
     
    Hope that helps,
    ChrisD

    Cheers,

    Chris
