This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

POA works on Win 10 not on Win7 64 Bit?

Running 8.1

Any ideas My win 10 pc's happily encrypt the HD and also pop up asking for a password for POA.

Win7 64 bit doesn't pop up asking for the POA details.  It encrypts the disk fine just doesn't ask for POA or can I only do that on 10?



This thread was automatically locked due to age.
  • Thanks for all the help Michael.... One last question.

     

    If i set up a Group Policy within my active directory to say that devices need a pin/password whatever it's called at boot.  Would this just ask for the very long code each time for bitlocker, or would it pop up on each win10 device asking the owner to create a new PIN/Password which would have to comply with our password policy within Sophos SafeGuard Enterprise?

  • The password policy applied by Sophos does NOT affect the BitLocker requirements I'm afraid - I wish it did! Those controls are for POA for NON-Bitlocker machines.

    In all honesty if you use SSG to manage Full disk Encryption on Windows 10 or Mac OS - a lot of the functionality of the policy setting is not either relevant or can be applied. In my opinion - Sophos is just managing BitLocker/FileVault2 - not really controlling it.

    Ideally- You want to configure TPM AND PIN if your laptops have TPM. This PIN needs to be 6 digits or greater (although you can make it 4 digits but six is now the default)

    So the user will power on the laptop - enter 6 digits (don't use special characters as the keyboard layout will be EN/US at this point - not UK/other)

    Laptop then boots into Windows and arrives at the login/Welcome screen. User then enters their creds via the Sophos cog and logs on.

     

    If you change your policy on the console - it should just pop up in their screen to set a PIN. Annoyingly though the prompt may say set a 4 but this is outdated - it must be 6 now as this is the default. Sophos need to change this! As I said before you can force 4 digits again but 6 is in theory more secure! Note it does remind about EN/US keyboard here too. I always ask my users to use numbers only - although it will accept normal characters too. I feel this makes it confusing as they might see this as a password and not a PIN which by very definition should be numbers only!

     

     

    Hope this makes sense?

     

    All the best