This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attempting to install SGN 8 on Windows 10

Hi there,

 

I am attempting to put SGN 8 standalone onto a Windows 10 laptop and it installed all fine one the pc as per any Windows 7 machine. It asks for a Pin and enables Bitlocker which is what my policy says it should so that looks all fine.

You power on the machine and goes to the Bitlocker PIN request and you put it in where it boots up ok. All fine... however, just testing the recovery options and having some issues.

If I try using Sophos recovery then it shows me a Challenge. I go to the server, put in the Key that I backed up from said computer, it asks me what volume I want to unlock and then gives me a response. Put that in the C/R machine and it accepts, goes black and reboots.

If I try to use a USB with said key then it reboots as well.

 

Just wondered if I am missing something obvious here.

 

Machine is Windows 10 Pro 64-bit

TPM 2.0 is all enabled.

No Secure boot enabled.

 

 

Any suggestions?



This thread was automatically locked due to age.
Parents Reply
  • Ah ha -  This is the sort of issue I saw with BitLocker C/R. There's quite a few models that aren't officially supported by C/R as you can see on this following article. 

    I decided against using C/R here for compatibility issues. A shame but I wanted consistency across the estate and not a one method for one system and another for a different system. If we had all the same hardware throughout it would have helped but we have brands from about 10 different brands and 100's of different models.

     

    https://community.sophos.com/kb/en-us/120433

Children
  • Thanks for that. I think in that particular instance it probably was one of those models that are not supported.

     

    So now I have an actual supported model that the C/R does work on. I just had another question just to clarify something.

     

    When I install and setup Safeguard and went and tested it with the C/R I then rebooted and tried recovery with the Bitlocker recovery key. I noticed that did not work and when I pulled the bitlocker key again it now shows no password. So am I right in thinking that once Sophos C/R has been setup and working then it overrides the Bitlocker recovery and that bitlocker recovery keep is superseded by the Safeguard recovery?

     

    Out of curiosity is there any way to push it back to using Bitlocker recovery? and if so would that then stop the Sophos C/R working?

  • Hi - Challenge and Response BitLocker replaces standard BitLocker I believe. You would need to decrypt, uninstall C/R element and then re-install without C/R I think. Because C/R installs it's own interface it's not a simple case of just disabling it - it'll need to remove the application that runs after POST. I don't think you can just unselect C/R and hope it turns off as the drive will still be encrypted and encryption is needed for C/R so you're stuck in this loop. Alternately you could just reinstall Windows across the top of the drive assuming you've allowed boot from USB and you have a bootable Win10 stick to flatten the laptop with. As long as this USB boots before the HDD/SSD boots you'll not need to do C/R or BitLocker recovery.

     

  • Ok thanks for that. I figured it was a case of only one recovery method working at a time. And thanks for clarifying that I would need to decrypt/uninstall if I wanted to go back to bitlocker.

     

    So I know you can store the Bitlocker recovery key in AD, I am guessing you can't do the same for the Safeguard recovery key?

  • Sadly the two aren't officially compatible. You either use Windows OR Sophos - you can't have the recovery key appear in both. You can see the logic in this too - not only for sales but also security!

  • That was what my guess would have been. I just wanted to make sure that was the case.