Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 4340 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Required users in SafeGuard console?

Chris Carson

We do not use File Encryption.  We basically image a computer, login to the Safeguard credential provider (or to domain, then login to the Safeguard prompt) which prompts encryption.

Then we disable the credential provider and the auth prompt using the following script:

C:\windows\syswow64\SGMCmdIntn.exe -i

rename "C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\x64\SGNAuthAppn.exe" SGNAuthAppn.exe.old

So my question is, if we encrypt with a small set of users, do we even need other users added/synced to the Safeguard Console?   



This thread was automatically locked due to age.
  • +1

    Hello again - Yes I would. That way you can assign policies/setings to users and not just devices. I would test the modification of cred providers VERY carefully. When I disabled the Windows one all sorts of issues and side effects were experienced. Yes it DID look better with just ONE icon/user to log in with - but my users quickly got used to logging in with the "Sophos cog". 

    The users are easy to add/approve on the console - but it all will work better if bound to a domain. Easier to manage too, but that might not suit your setup.

    I know you probably know, but just to remind you that SSG is End Of Life in July 2023, so it's worth bearing this in mind when planning new SSG config/developments.

    All the best

  • 0 in reply to MichaelMcLannahan

    Thanks again Michael. It's good to keep the users in the system in case we want to deploy policies like that. Simple enough.

    Side note, we've already been removing the Safeguard credential provider without issue for years :) 

    Helpful reminder on EOL date, thank you again. 

  • 0 in reply to Chris Carson

    Ah ha - Sorry I read that the wrong way that you removed the Windows Cred provider and used the Sophos one instead! You're very welcome!

Unfiltered HTML