Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 3449 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SafeGuard Enterprise 550 questions

ivanwee

Hi All,

I am new to SafeGuard, i still have many things which i am unclear of now.

1) Active Directory. If i do not synchronize my AD with the SGN, and i just create a domain myself. How do i add users to it? I assume when a new user connects to SGN, he will be added to auto.registered container.. how to do i move this user to the domain i created? I noticed the Move button is greyed out.

2) Local Storage Encryption. I configured a local storage encyption policy with the purpose of encypting our notebooks (HDD). But i recieved feedback that the policy is encrypting mobile devices that are detected as usb storage by Windows. Is there any way i can prevent this?

:3457


This thread was automatically locked due to age.
Parents
  • 0
    ivanwee wrote:

    Hi All,

    I am new to SafeGuard, i still have many things which i am unclear of now.

    1) Active Directory. If i do not synchronize my AD with the SGN, and i just create a domain myself. How do i add users to it? I assume when a new user connects to SGN, he will be added to auto.registered container.. how to do i move this user to the domain i created? I noticed the Move button is greyed out.

    2) Local Storage Encryption. I configured a local storage encyption policy with the purpose of encypting our notebooks (HDD). But i recieved feedback that the policy is encrypting mobile devices that are detected as usb storage by Windows. Is there any way i can prevent this?

    Hi ivanwee,

    Thank you for posting your question in the SophosTalk community forums. 

    1) Active Directory: Is not a requirement to use SGN, but sync'ing with AD does add the benefit of not having to create Domain, Workgroups, etc manually. In your sceanrio, if a User does authenticate on a SGN proetcted device, the Domain User will be be added to the .Auto registered container either under Root or the Domain they are a member of. The SGN system knows to organize the User in the appropriate Domain. The big thing to be aware is, since the Domain User doesn't have an OU associated with their GUID from the AD import, they will be placed in the .Auto registered container under the Domain. These User object are unmoveable through the SGN MC GUI. I haven't tried this, but I've heard collegues talk about it, you can use the SGN API to create and move users that are not bound to an AD sync. If they are bound to an AD OU, the next sync will move them back to wherever AD has them associated.

    2)  Local Storage Encryption: Yes, change your Device Protection policy to encrypt either Mass Storage or Boot Volumes and NOT  Local Storage Encryption. Other media are getting encrypted because the target devices are listed in a heirarchy, which means the encryption policy will flow downwards to the lower level devices (for example: anything with storage but CDs or DVDs). This KBA will help you get those other devices decrypted.

    :3584
Reply
  • 0
    ivanwee wrote:

    Hi All,

    I am new to SafeGuard, i still have many things which i am unclear of now.

    1) Active Directory. If i do not synchronize my AD with the SGN, and i just create a domain myself. How do i add users to it? I assume when a new user connects to SGN, he will be added to auto.registered container.. how to do i move this user to the domain i created? I noticed the Move button is greyed out.

    2) Local Storage Encryption. I configured a local storage encyption policy with the purpose of encypting our notebooks (HDD). But i recieved feedback that the policy is encrypting mobile devices that are detected as usb storage by Windows. Is there any way i can prevent this?

    Hi ivanwee,

    Thank you for posting your question in the SophosTalk community forums. 

    1) Active Directory: Is not a requirement to use SGN, but sync'ing with AD does add the benefit of not having to create Domain, Workgroups, etc manually. In your sceanrio, if a User does authenticate on a SGN proetcted device, the Domain User will be be added to the .Auto registered container either under Root or the Domain they are a member of. The SGN system knows to organize the User in the appropriate Domain. The big thing to be aware is, since the Domain User doesn't have an OU associated with their GUID from the AD import, they will be placed in the .Auto registered container under the Domain. These User object are unmoveable through the SGN MC GUI. I haven't tried this, but I've heard collegues talk about it, you can use the SGN API to create and move users that are not bound to an AD sync. If they are bound to an AD OU, the next sync will move them back to wherever AD has them associated.

    2)  Local Storage Encryption: Yes, change your Device Protection policy to encrypt either Mass Storage or Boot Volumes and NOT  Local Storage Encryption. Other media are getting encrypted because the target devices are listed in a heirarchy, which means the encryption policy will flow downwards to the lower level devices (for example: anything with storage but CDs or DVDs). This KBA will help you get those other devices decrypted.

    :3584
Children
No Data
Unfiltered HTML