Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 11129 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Encryption / win 7 login

Lewok

needing a wee bit of advice.

We have just upgraded our software to include safe gaurd encryption. it worked fine on xp but now we are testing on win 7 machines i have hit a snag.

on the login screen you have the 2 options one with the sophos icon and one without.  If i use the one with sophos i am stright in and working away. if i use the other one i get the sophos authentication screen to complete my login.

is there a way to force my users to use this option and this option only? putting their password in twice isn't an option.

I have removed power on authentication as we need to wake the machines up remotley.

thanks

lee

:45029


This thread was automatically locked due to age.
  • 0

    You can hide other credential providers by a policy.

    See knowledgebase article for details:

    http://www.sophos.com/en-us/support/knowledgebase/1376/1380/114190.aspx

    Regards,

    Holger

    :45033
  • 0

    Hello lee,

    :smileytongue: you don't hold your user's in high esteem, do you? It shouldn't require a degree to make the right choice :smileytongue:. Carefully test the hiding of credential providers that Holger suggested.

    Anyway, this is only exposed if you do not use POA (or Passthrough). You are aware that you can temporarily disable POA for WOL, aren't you? So I can only imagine you want the machines ready for login before the users get to them ... Keep in mind that disabling POA reduces security (you got a prompt when you did so).

    Christian

    :45041
  • 0

    how did you guess? I am trying to make it as simple as possible for them. I have updated the system and it is working really well. thanks

    I have tested with both and disabling POA is the best for us. it makes it simple for updating etc.

    I have a 20+ second delay from hitting ctrl alt delete to the login appearing is this normal?

    thanks


    lee

    :45295
  • 0

    Hello lee,

    I don't think there should be such a delay - did you notice it also with POA enabled (this would normally be configured to pass through the credentials)?

    disabling POA is the best for us. it makes it simple for updating

    Encryption is about protecting the data on the machine in case it goes missing. If you have physical access to a running (or even rebootable) machine you don't need much more than a little bit of time to get the data off it ...

    Christian

    :45299
  • 0

    I couldn't say sorry. it was a while ago we decided to turn off POA.

    As far as i understood it until an authorised user logged in the machine was still encrypted, the POA was an extra layer of protection on top of that.

    :45301
  • 0

    At least the OS is already decrypted, isn't it? Access the machine remotely as an Administrator - haven't tested it but see what you can read and what not.

    Christian

    :45305
  • 0

    I will do.

    any ideas on the delay between ctrl, alt, delete and the login credentials appearing?

    :45307
  • 0

    Hi Lewok,

    I've just worked on a similar issue and managed to reduce loading times of Credential Provider tiles after the installation of the SafeGuard Client by modifying the service group orders of the system. I 've documented the findings in a KBA: 

    After installation of SafeGuard Enterprise, loading times of the Credential Provider tiles is increased

    http://www.sophos.com/en-us/support/knowledgebase/120249.aspx

    Please let me know if that solves your problem.

    Regards,

    ChrisD

    :45705
  • 0

    that's it resolved. :smileyvery-happy:

    It might have been my support ticket you had as support have just resent me the KB.

    thanks


    Lee

    :45707