This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to install Safeguard Device Encryption Client on a Windows 10. I really need a step-by-step

We have everything installed like SQL, Server and DB. It was installed by someone at sophos. I can install a Windows 7 machine with sophos client and it does get sync with our Safeguard Manager software. But I'm having issues with Windows 10. I turn on Bitlocker on and it encrypts the drive. Then I install SGN 8 client x64. I restart the machine and I see the login Sophos logo and I login. So I do a test by locking my self out and have to a shutdown. It restart but doesn't give a the challenge code. I also notice that this Laptop Windows 10 is NOT sync with my Safeguard Manager software. I do see all of my Windows 7 Pro machines. So I really need a step-by-step on How to install Safeguard Device Encryption Client on a Windows 10.

Thanks in Advance

This thread was automatically locked due to age.

Parents

0 MichaelMcLannahan over 5 years ago

Hi - I think you're making a few assumptions here.

1 - You don't need to enable BL first on the PC. If you've set up the policies correctly AND the PC is "ready"/compatible the encryption (BitLocker) should enable itself automatically.

2 - Challenge and Response is VERY hardware dependant and one of the reasons (I believe) it has been deprecated. I would not recommend using it at all on PC's to be quite honest. I appreciate that this might mean you have a mixed estate, but sadly this is unavoidable now in that Sophos isn't moving forwards with this feature anymore.

So - You have a working server setup and it's currently dealing with the Win7 estate. You can either modify the existing policy that controls these machines or you could create a new one for Win10.

It is highly likely that C/R is NOT compatible with this laptop, so you won't see a challenge in the way you may with your Win7.

So step 1 is (probably)

0 - Configure TPM to ready state
1 - Bind laptop to AD
2 - Configure policy accordingly on server
3 - Install client
4 - Install configuration file from server on client
5 - Once policy is received and PC is in ready state - encryption will begin
6 - Prompt to set PIN (6 digits) will be seen if TPM AND PIN policy is set.

I can give more detail once we know a little more about what state things are in?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 MichaelMcLannahan over 5 years ago

Hi - I think you're making a few assumptions here.

1 - You don't need to enable BL first on the PC. If you've set up the policies correctly AND the PC is "ready"/compatible the encryption (BitLocker) should enable itself automatically.

2 - Challenge and Response is VERY hardware dependant and one of the reasons (I believe) it has been deprecated. I would not recommend using it at all on PC's to be quite honest. I appreciate that this might mean you have a mixed estate, but sadly this is unavoidable now in that Sophos isn't moving forwards with this feature anymore.

So - You have a working server setup and it's currently dealing with the Win7 estate. You can either modify the existing policy that controls these machines or you could create a new one for Win10.

It is highly likely that C/R is NOT compatible with this laptop, so you won't see a challenge in the way you may with your Win7.

So step 1 is (probably)

0 - Configure TPM to ready state
1 - Bind laptop to AD
2 - Configure policy accordingly on server
3 - Install client
4 - Install configuration file from server on client
5 - Once policy is received and PC is in ready state - encryption will begin
6 - Prompt to set PIN (6 digits) will be seen if TPM AND PIN policy is set.

I can give more detail once we know a little more about what state things are in?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data