Can anyone provide the ‘‘‘‘best practice’’’’ policy settings for optical media encryption? My goal is to have the encrypted media behave the same as our Removable Media policy. Basically, all SafeGuard users should be able to access data from the optical media while non-SafeGuard users need to use SafeGuard Portable to access the data.
Initially, I tried using the same settings for the CD/DVD Encryption Policy as the Removable Media Encryption policy but that didn’’’’t allow non-SafeGuard users to access the data via SG Portable. The settings were:
Key to be used – Defined key on list
Defined key – group key
Initial encryption of all files – No
Copy SG Portable to target – Yes
Default initial encryption key – group key
When that didn’’’’t work as desired, I found out about the hotfix for SG Portable and optical media so I installed the SafeGuard v6.00.1.31 update and obtained the hotfix from Sophos support.
After installing the update and hotfix, I still wasn’’’’t getting the desired result so I contacted Sophos support again and was told that I need to create a local key for use with optical media instead of using the group key. However, now my CD/DVD Encryption policy settings look like this:
Key to be used – Any key in user key ring
Defined key – group key
Initial encryption of all files – No
Copy SG Portable to target – Yes
Default initial encryption key – group key
When they try to open a file a message states ‘‘‘‘the file can’’’’t be decrypted since it’’’’s read only or write protected and must be copied to another location. When you try to save the file and use the passphrase for the group key, you get the message ‘‘‘‘decryption failed the entered passphrase is not correct.’’’’
How do I clean up the CD/DVD Encryption policy and make it work properly?
This thread was automatically locked due to age.
