This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Safeguard

Hi Team,

We have built the SGN 8.1 Console and installed client in the test system.

 

We have made the encryption & decryption policy.

 

Now we want to assign the both policy at a time only required system are kept under decryption policy.

 

But when we checked the system RSOP then we are getting the result as below:

Can we change the policy execution policy priority for encryption and decryption.

 

 

 

 



This thread was automatically locked due to age.
Parents
  • Hi - It is best to create a policy to allow decryption and assign this to a group.

    Don't make computers a member of this group UNTIL to NEED to decrypt.

    It is pointless and not recommended to assign a client/computer an encrypt AND decrypt policy at the same time. 

     

    This old post of mine may help further - community.sophos.com/.../safeguard-enterprise-8-1-decrypt-files-and-uninstall

  • Hi Micheal,

     

    We have testing this scenario due to below cases happen with our client:

     

    1. Suppose if there one system is encrypted with all drives protection and in feature if the system is crashed then we need to provide the harddisk to other recovery vendor for data recovery purposes.

    In recently one system is having two disk like c & d drive.

    In that system only c drive is accessible to the client and d drive data is not visible .

    Hecne he is asking for the decryption process.

     

    Can you suggest what is the best policy we can create here.

  • Hi Paresh - I am assuming you're talking about encrypted with BitLocker - Right?

    If so - I would supply the recovery company with the recovery key. They "should" know exactly how to mount a drive that's BitLocker enabled - to be honest if they don't....I wouldn't be trusting my business/data to them in the first place!

     

  • 2nd scenario is our client is having two console SGN 8.0 and 8.2.

    Now client wants to migrate the some system which is loaceted in SGN 8.0 to SGN 8.2

     

    FOr migration ,

    we need to decrpyt the system then uninstallled client configration then need to installed the new SGN 8.2 configuration with new certificate.

  • Another case :

     

    Our client is having two console of SGN 8.0 & 8.2 

     

    Now the wants to be moved some client systems from SGN 8.0 to SGN 8.2 

     

    For that we need to Decrypt>>>Uninstalled the Client configuation of SGN8.0>>>Add new SGN8.2 Configuraiont & certificates.

     

    So in that case how we can decrpy for the particular system

  • No we have 2 system like windows 10 and windows 7 .

     

  • Best to create a new post really Paresh - This gets quite confusing with multiple questions and answers in the same thread?

     

    You do NOT need to decrypt in this scenario IF both systems are BitLocker - I've moved many of my clients from one to another.

     

    You could simply update the client. Remove the old configuration, reboot and install the new. Make sure the computer is communicating with the new console. 

     

    If the client has C/R -  I would NOT recommend "moving" it - remove C/R, decrypt and then treat the client as a new one.

    If the client is Sophos encrypted - I would also NOT recommend "moving" it - Decrypt and then treat the client as a new one.

  • Hi Micheal,

     

    Thanks for the input.

     

    Just to update you ,

    Here 2 separate servers are built as per location.

     

    Also the configuration packages & certificates are different here,the system is having device & native device encryption licenses here.

Reply Children