
Safeguard UMA

I don't feel that I understand assigning users to devices. Everything works fine if the logged-in user is the user that encrypts the laptop. The user becomes an owner and is able to make it past the POA and work normally. Yesterday I attempted to add another user to the laptop via clicking that laptop > Users > navigated to the user in the right side via Active Directory > dragged the user to the left > deselected "block user", left the "owner" as is, and it didn't work. The new user isn't able to get past the POA portion.

I'm almost positive I have done this before on a different laptop successfully. So I'm not sure what's tripping me up this time.

Also, I don't really understand how the policies are assigned. I have modified the default policies to suit what we want, but I'm not sure they are "assigned" in any way.

Thanks in advance



  • Also, I made sure the laptop did a synchronization prior to rebooting and having the new user try to log in.
  • Hello Kire,

    The user can't log in because they don't have a local Safeguard certificate. The certificate has to be created locally on the machine first, regardless of whether or not the user has been added via Active Directory.

    The proper method to add a user to the POA so they can log in to the machine is described in this KB article:

    community.sophos.com/.../107857

    I would also recommend reading through the policy best practice guide found here (it outlines creating and assigning policies):

    community.sophos.com/.../110816

    Hope that helps.

    PaulD
  • Thanks Paul. I will give this a try and let you know if I have any struggles afterward.
  • Paul,

    I have not tried the above method. I did read the article, so I am almost certain it will work. I also verified my policy setting as well. My question now is, can I set this so that I can manage this user assignment through the console only? For some reason that would seem like the best place to assign or remove possible users to a system. Is there an advantage to only being able to do it the way the article describes? I'm not upset or anything, and if there is no other way then that's fine. Or if it's against best practice because of some security issue that I'm not thinking about.

    Thanks
  • Hello Kire,

    You can manage user assignment from the console only if they have already logged into the machine. They need to log on to the machine first to create a local Safeguard certificate (which then gets uploaded to the server). You can't assign them as a user/owner and push the certificate down to the machine; it unfortunately doesn't work that way. However, once the user has logged into the machine, you can then manage their permissions/policy assignment from the console.

    PaulD