Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 12983 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard no Challenge response to get user in.

nat

We have just rolled out Safeguard 6.00.1.31. We have configured the server, created the certificates, ran the 3 install packages on the test machine and then rebooted. Sophos Safegaurd has started for the user but it is reporting that the Workstation is locked. Perform Challenge/Response to Unlock.

I have then clicked on Recovery and got to step 2 of 3 but there is no Challenge appearing and says this challenge will expire in 00:00 minutes.

This is the very first time the user has attempted to signon  so we have not had the chance to start windows and create the responses.

Help how do we proceed please ????:smileyfrustrated:

Thanks

Nathan

:36395


This thread was automatically locked due to age.
  • 0

    For your authentication policy. What is the Maximum no. of failed logons set to. Usually should be atleast 3 failed attempts.

    :36401
  • 0

    Hi ITsecurityGeek

    We set the maximum no of failed logons to 10 to ensure this didmnt happen. We havent got to a logon screen to input the credentials yet. It just says Workststation is Locked ??

    :36409
  • FormerMember
    0 FormerMember
    Hello nat,

    Sorry to hear you're having this issue.

    I've seen this problem a number of times, unfortunately that machine won't be recoverable. If you have data you need to retrieve from the hard drive you'll need to slave and decrypt the disk:

    These instructions describe how to slave a drive to an SGN client, and decrypt that slaved drive. Upon completion, in order to boot to the drive the MBR must be re-written.

    Start by following the process in KBA 108156, page 18 in the PDF, to slave a hard drive:

    Article ID: 108156
    Title: SafeGuard Enterprise: Recovery scenarios
    URL: https://sophos.com/kb/108156

    Once the hard drive is slaved you will need to create a decryption policy.
    **Decryption is never automatic. It must be manually triggered from the client machine.

    1) Create a new device protection policy in the Management Center
    2) Set the target to 'Local Storage Devices\Drive Letters'. This will allow you to decrypt any hard drive connected to the computer.
    3) Set the Media encryption mode to 'Volume based'
    4) Change the setting 'User may decrypt volume' to Yes
    5) Change the Media encryption mode to 'No encryption'
    6) Click Save
    7) Apply this policy to the OU or group containing the user or computer that will be decrypting the slaved hard drive. Click Save.
    8) Synchronize the client. You should have received new policies. After receiving the new policies you should be able to right click the slaved drive in Windows Explorer and see that the 'Encryption' context menu item is no longer greyed out, and you can now click 'Decryption'
    The drive will take roughly as long to decrypt as it did to encrypt. Once decrypted you may want to re-write the MBR to skip over the SafeGuard kernel. You can use either a Windows disk or WinPE (KB 108805) to do this.

    Article ID: 108805
    Title: Recovering data from a volume-based encrypted SafeGuard Device Encryption Client
    URL: https://sophos.com/kb/108805

    The following related KBA may also be of some assistance

    Article ID: 108411
    Title: How to allow a user to decrypt a SafeGuard Enterprise Client
    URL: https://sophos.com/kb/108411

    I hope that helps, please let us know how you get on.
Unfiltered HTML