
Safeguard Application Encryption with Win 10 Golden Image VDI

Been trying to figure a way to get this to work and I keep getting roadblocks. At the end of the day all I need is a way for my users within my VDI VM environment to be able to access encrypted files. Whenever I install Sophos application encryption onto the golden image and then deploy it out to the users, the machines that are cloned from the golden image are stuck in a boot loop. The golden image itself works just fine. I cannot figure out what about the sysprep causes the clones to break down.

Has anyone been able to use Safeguard encryption in a Golden Image VM environment?



This thread was automatically locked due to age.
  • Which client and which version are you using please, Ryan?

    I use and have used a Sophos SafeGuard client on a lot of my dev and testing and found it seems to work fine within VMs. I generally used VirtualBox and Hyper-V.

    Sophos' official line is/was - it can work on VMs and I'm sure a VDI too - community.sophos.com/.../10813 https://community.sophos.com/kb/en-us/108133

    Sysprep pulls out all the identifying and specified hardware so that there are no conflicts for a differing hardware set. It's no surprise to me that this would affect SafeGuard - it's fairly integrated into the OS with specific drivers and filters. No doubt sysprep is removing some/all of this.

    Would an RDP session be an alternative? Install the SafeGuard client on a supported OS (I'd use Win10 1803 as a good stable supported base) and have your clients/users connect to that?

  • Yeah, it 100% works with VMs and VDI; the problem is the sysprep. I need a way around that.

    We run a Hyper-V 2016 host with a 2016 RDP server. Our golden image is a Windows 10 1809 LSTB version. If you're not familiar with LSTB, it's simply a stripped-down version of Windows without features like the Store or Cortana, designed for golden images.

    I can get the golden image to work just fine with SafeGuard. I can get it to register, assign a license, receive policies, etc. Sysprep runs fine and the RDP will rebuild the current VMs with the new golden image without issue. However, once the newly created VMs boot up, the user cannot log in as the machine just boot loops.

    At the end of the day all I need is the ability to have a user sitting on a thin client, using an RDP session within our VDI environment, to be able to access the encrypted files that are on the network. There will be areas where files are not encrypted; actually 90% of the areas will be this way. Only our outside sales force area will be encrypted, and their admins and assistants need access to these files in order to help them while they are in the field.

    We were under the impression from our 45-day proof of concept testing that we could assign licensing to users or white-list our domain so that users within our domain could access them, but after we purchased the product we found out that it is only machine based.
