Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 3335 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best practice with Safeguard Easy 5.5 and shared laptop (multiple users)

Lazyeyes

Hello all!

My first post at this forum, and I`m hoping for some help from you guys! :smileywink:

I`m testing out Safeguard Easy 5.5 for a client, and got some questions about best practice about multiple users on a laptop.

After installation of  SGxClientPreinstall-SGNClient-Config package (made with policy editor) the laptop boots and  Safeguard Easy runs autologon.

I`ve made a service account to log in to Windows so the encryption will be finished, then the IT personell will log out and hand over the laptop to the end-user.

The next user who logs into Windows will then be the owner of the laptop, all good so far.

But if this is a shared laptop and the user returns this laptop to IT personell, how can the IT personell add another user into POA?

As far I understand the service account only works BEFORE a normal user logs into Windows, if a user got ownership of the laptop the service account is then useless and will fail logon in POA.

I`ve also tried with POA users configured in a Config package, the POA user can then get through the POA authentication, but logging a new user into Windows will not make this new user a POA user.

Can anyone help me out here?, I`m pretty stuck in this scenario...

:6383


This thread was automatically locked due to age.
  • 0

    Sorry, but that doesn`t help me much  :smileysad:

    Anyone have a solution to this?

    :6485
  • 0

    I'd also like to know the answer to this question. I can only assume that the Enterprise version handles this easily with its integration with AD?

    :7209
  • 0

    I normally advice people to create a POA account or register the machine to a service desk account during installation. When the PC then has to be given out to someone else then you have to follow the procedure below to register that person:

    1. Switch on or restart the PC so that the POA is displayed

    2. Click on Options and deactivate "Pass through logon to Windows"

    3. Authenticate as a user that was already registered on the machine (e.g.the POA or service desk account)

    Windows now boots but no automatic logon to Windows takes place.

    4. The user borrowing the machine now logs on to Windows.

    SafeGuard Easy will now automatically register this new user in the POA.

    This process works both for SafeGuard Easy and SafeGuard Enterprise protected computers. With SafeGuard Enterprise I additionally have the option to assign users centrally (via the SafeGuard Management Center) to the machines. But also in this case an authorized user (e.g. a user that can logon to the POA) has to boot the PC so that SafeGuard Enterprise can synchronize its data.

    :7227
Unfiltered HTML