This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to install Safeguard Device Encryption Client on a Windows 10. I really need a step-by-step

We have everything installed like SQL, Server and DB. It was installed by someone at sophos. I can install a Windows 7 machine with sophos client and it does get sync with our Safeguard Manager software. But I'm having issues with Windows 10. I turn on Bitlocker on and it encrypts the drive. Then I install SGN 8 client x64. I restart the machine and I see the login Sophos logo and I login. So I do a test by locking my self out and have to a shutdown. It restart but doesn't give a the challenge code. I also notice that this Laptop Windows 10 is NOT sync with my Safeguard Manager software. I do see all of my Windows 7 Pro machines. So I really need a step-by-step on How to install Safeguard Device Encryption Client on a Windows 10.

 

Thanks in Advance



This thread was automatically locked due to age.
Parents
  • Hi - I think you're making a few assumptions here.
     
    1 - You don't need to enable BL first on the PC. If you've set up the policies correctly AND the PC is "ready"/compatible the encryption (BitLocker) should enable itself automatically.
     
    2 - Challenge and Response is VERY hardware dependant and one of the reasons (I believe) it has been deprecated. I would not recommend using it at all on PC's to be quite honest. I appreciate that this might mean you have a mixed estate, but sadly this is unavoidable now in that Sophos isn't moving forwards with this feature anymore.
     
    So - You have a working server setup and it's currently dealing with the Win7 estate. You can either modify the existing policy that controls these machines or you could create a new one for Win10.
     
    It is highly likely that C/R is NOT compatible with this laptop, so you won't see a challenge in the way you may with your Win7.
     
    So step 1 is (probably)

    0 - Configure TPM to ready state
    1 - Bind laptop to AD
    2 - Configure policy accordingly on server
    3 - Install client
    4 - Install configuration file from server on client
    5 - Once policy is received and PC is in ready state - encryption will begin
    6 - Prompt to set PIN (6 digits) will be seen if TPM AND PIN policy is set.
     
     
    I can give more detail once we know a little more about what state things are in?
Reply
  • Hi - I think you're making a few assumptions here.
     
    1 - You don't need to enable BL first on the PC. If you've set up the policies correctly AND the PC is "ready"/compatible the encryption (BitLocker) should enable itself automatically.
     
    2 - Challenge and Response is VERY hardware dependant and one of the reasons (I believe) it has been deprecated. I would not recommend using it at all on PC's to be quite honest. I appreciate that this might mean you have a mixed estate, but sadly this is unavoidable now in that Sophos isn't moving forwards with this feature anymore.
     
    So - You have a working server setup and it's currently dealing with the Win7 estate. You can either modify the existing policy that controls these machines or you could create a new one for Win10.
     
    It is highly likely that C/R is NOT compatible with this laptop, so you won't see a challenge in the way you may with your Win7.
     
    So step 1 is (probably)

    0 - Configure TPM to ready state
    1 - Bind laptop to AD
    2 - Configure policy accordingly on server
    3 - Install client
    4 - Install configuration file from server on client
    5 - Once policy is received and PC is in ready state - encryption will begin
    6 - Prompt to set PIN (6 digits) will be seen if TPM AND PIN policy is set.
     
     
    I can give more detail once we know a little more about what state things are in?
Children
No Data