Safeguard UMA

Question

I don't feel that I understand assigning users to devices. Everything works fine if the logged in user is the user that encrypts the laptop. The user becomes an owner and is able to make it passed the POA and work normally. Yesterday I attempted to add another user to the laptop via clicking that laptop>Users>navigated to the user in the right side via active directory>dragged the user to the left>deselected "block user", left the "owner" as is and it didn't work. The new user isn't able to get passed the POA portion. 
 I almost positive I have done this before on a different laptop successfully. So im not sure whats tripping me up this time. 
 Also I don't really understand how the policies are assigned. I have modified the default policies to suit what we want but im not sure they are "assigned" in any way. 
 
 Thanks in advance

PaulD · Accepted Answer

Hello Kire, 
 
The user can't login because they don't have a local Safeguard certificate. The certificate has to be created locally on the machine first, regardless of whether or not the user has been added via active directory. 
 
The proper method to add a user to the POA so they can login to the machine is described in this KB article: 
 
 community.sophos.com/.../107857 
 
I would also recommend reading through the policy best practice guide found here: It outlines creating and assigning policies. 
 
 community.sophos.com/.../110816 
 
Hope that helps. 
 
PaulD

PaulD · Answer

Hello Kire, 
 
You can manage user assignment from the console only if they have already logged into the machine. They need to logon to the machine first to create a local Safeguard certificate first (which then gets uploaded to the server). You can't assign them as a user/owner and push the certificate down to the machine it unfortunately doesn't work that way, however once the user has logged into the machine, you can then manage their permissions/policy assignment from the console. 
 
PaulD