This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard bitlocker encryption

A computer already encrypted by other product encryption..how do I manage it through sophos.is it possible?



This thread was automatically locked due to age.
Parents Reply Children
  • Hi,

    Can you guide me through ,where can i find it in the console.

    There is a tab for reports,but i need the logs of the users who are manged by safeguard management center.

     

     

     

    Regards,

    Subhasri

  • This "basic" report doesn't contain users, but instead the devices. Click on the root of your domain (on the left) Select Inventory on the tabs on right. Click the magnifying glass (without entering a PC/hostname) This will list ALL devices that have reported into SafeGuard. Select one device (anyone - doesn't matter). File - Print Preview - "Calculating print area might take several mins" - Click OK" - When window opens - File - Export Document. Find format you need and save it to view later.

    What data are you looking for with your users? The users of the console or users of the devices that have SafeGuard installed?

     

  • Hi  

     has already suggested the simple way to export the inventory of the Safeguard Management Center. Safeguard manages computers, not the users, so you'll find the computers in the inventory, not the users.

    I am assuming that you want a report for the users who are assigned against the computers in the Safeguard. Please use the below SQL query which will help you to fetch users assigned to the computers:

    -----------------------------

    use SafeGuard

    SELECT USR_ID, USR_LOGON_NAME, USR_FIRST_NAME, USR_LAST_NAME, USR_EMAIL, machines.*

    FROM
    (SELECT SGD_NAME,SGD_ID,UMA_USER_ID,SGD_DSN,SGD_SCHEMA_CLASS_NAME
    FROM Safe_Guard_DIR INNER JOIN
    USR_MACHINE_ASSIGN ON Safe_Guard_DIR.SGD_ID = USR_MACHINE_ASSIGN.UMA_MACHINE_ID) AS MACHINES INNER JOIN USERS ON USERS.USR_ID = MACHINES.UMA_USER_ID

    -----------------------------

    This query is mentioned in the KB article I provided to you above. Please refer to this KB once, so you'll aware about numbers of reports can be generated through the query.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi,

    How to work with power on authentication in safeguard??And can only username & password can be the only way to boot the machine.

    And one more query windows credential and safeguard credential i need as only one sign in.Is it possible??

     

    Regards,

    Subhasri

  • POA is dependant on OS - It's no longer available in Win10. What OS are you referring to?

     

    I'm afraid the second credential provider (Windows AND SafeGuard) will be visible. It is possible to hide the Windows one but I know this can have a strange impact on the system, and it's critical you appreciate what changes/impacts there are. I went down to route of educating users on "please use the Sophos Cog to log in from now on" approach.

    You must also plan that if you should remove SafeGuard at any point (or you're unable to log in with SafeGuard owing to an error) you'll not be able to log into the machine.

    https://community.sophos.com/kb/en-us/114190

  • If this not going to work on win 10 then how do I protect the drive in my machine?

    What is the use of safeguard in power on authentication??

     

  • Windows 10 (and some versions of Win7/8) use BitLocker and it's this that is managed by Sophos SafeGuard. Previously in earlier OS Sophos did their own disk encryption and POA worked with that.

    So SafeGuard will help you manage BitLocker and store the recovery keys within the console/SQL. The users will see the "standard" BitLocker screen when they power on their devices. They'll enter a PIN (if set by SafeGuard policy) or password (Windows 10 supports passwords for those devices without TPM) and/or TPM can be used. It's also possible to use a USB Startup key too - but my personal opinion is best to stick with TPM/PIN combination if supported.

     

    Hope this helps and clarifies a little?

  • Hi  

    Please find the document for authentication policy which will help you to understand the options explained by Michael. POA only comes with Safeguard encryption but it is not needed after the arrival of Windows 10 as Microsoft has already provided the native encryption technology "Bitlocker". Now Safeguard only manages the Bitlocker for the drive encryption and so that if you want to put POA for those users, you can use options mentioned under "BitLocker Logon Mode for Boot Volumes". 

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi,

     

    let me be clear in what I actually need.

     

    1. We want to implement Username & Password Authentication at "Pre-Boot Authentication" instead of BitLocker Password only , is this possible to achieve with Sophos Safeguard + BitLocker
    2. Single Sign On (PreBoot + Windows Logon Authentication Synchronisation), is this possible to achieve with Sophos Safeguard + BitLocker 

    We are using Microsoft Windows 8, 10.

  • Hi  

    Please refer the below answers for your queries:

    1. It is not possible to implement Username & Password Authentication instead of Bitlocker Password with any kind of Encryption software as in preboot authentication, the machine never has access to network service and hence user can't be authenticated against the AD.

    2. If you have installed Safeguard Encryption on the client, you need to login to the Safeguard cred provider instead of Windows Cred provider as it syncs automatically clients to safeguard server on fix interval and generates user certificates. Safeguard Cred provider is not different, username and password for that will be the same as Windows username and password.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link