
Encryption is not activated

Hi everyone

Thanks for the help you are giving

I do not activate the encryption on the second partition of a single disk of a PC

Dell Precision T3600
Windows 10 build 1909 (10.0.18363)
BIOS version A18
Sophos Safeguard 8.20.0.83
TPM version 1.2

The policy is working regularly on all other PCs. The problem occurs only with this model and I can't find the difference from the other PCs.

Any ideas?

Thanks in advance

Regards

Franco



  • FormerMember

    What do you have for your encryption targets in your SGN policies? I would assume you only have boot drives targeted, so only C will be encrypted.

    You would need to create a policy that targets data drives or a specific drive letter to encrypt anything that isn't the boot drive.

  • Hi Richard

    The goal is to encrypt a disk that is split into two volumes: C: boot disk and E: data volume.

    The policy is already present and works on all computers with their partitions across the domain.

    However, the computer where the policy is not applied has TPM version 1.2 and the boot settings are set to UEFI.

    Together with Support we then saw that with TPM 1.2 it must not be in UEFI mode but in Legacy mode, and the computer under consideration, a Dell Precision T3600, has TPM 1.2 and its "BOOT List Options" setting in the BIOS was set to UEFI mode instead of Legacy.

    Thanks and regards

    Franco

  • Worth seeing if the TPM firmware will upgrade to TPM 2.0; many will, and Dell have a tool for it.

    Legacy settings are best avoided if possible; you'll get the full functionality and security from 2.0 and UEFI if at all possible.

  • Hi Michael

    Unfortunately the computer does not allow the upgrade to TPM 1.2; in the end we will opt for the legacy mode.

    Thanks for your help.

    Best Regards

    Franco

  • FormerMember in reply to francoBigai

    I don't think the version of the TPM is at issue here. If it was, the main boot drive wouldn't encrypt - but you have that working.

    If the issue is just that data drives don't encrypt but boot drives do - you need to make sure you have an encryption policy assigned that targets data drives, not boot drives. You need both policies to encrypt both drives.

    Can you post your RSOP for the machine here, please?