Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 3 answers
  • Subscribers 7 subscribers
  • Views 24660 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't add a second user to a SafeGuard Easy client

michaeloneillir

I'm not sure if this has been asked before but I can't find the answer anywhere so thought I'd try here.

I have SafeGuard Easy. I've set up a policy with a POA user. All fine so far.

I've installed the policy on the client PC and rebooted. 

Then as far as I know the first user I log on as is the owner.

According to the instructions to add a second user I

1: Reboot the machine.

2: Remove the tick in the box to pass the password to Windows.

3: Log on as the owner at the SafeGuard logon screen.

4: At the Windows logon log on as the second user.

So when I do all that and reboot I try logging on to the SafeGuard client as the second user.

The username / password / domain are absolutely correct but SafeGuard pops up saying the password is incorrect.

I've tried this on several machines. My laptops can be used my multiple users so I need this to work. At the moment all I can do is create a policy with no POA but this isn't satisfactory.

I'm probably doing something daft. Would anybody have any ideas?

:13485


This thread was automatically locked due to age.
  • 0

    Hi there,

    thank you very much for posting and welcome to the forum.

    It is very likely that you have configured the setting "User allowed add new users" no properly. Please check that setting at your side and eventually change it to Everyone > deploy the policy to the Client (via a new Client Config) and check if things will work then.

    Regards

    Dan

    :13719
  • 0

    ok, is that the proper way to add LOCAL PC administrator and the DOMAIN\Administrator account to the Sophos secured work station ? 

    :14235
  • 0

    Hello SecurityAdmin,

    thank you very much for your posting.

    By default the policy object "User allowed add new users" is set to "Owner", which is the default way for adding users to the machine (UMA, user machine assignment).

    If you want to change policy settings on an SafeGuard Easy / Standalone client you have to create a new config package and deploy it to the client.

    Regards
    Tim

    :14441
  • FormerMember
    0 FormerMember
    Hello,

    To allow another user to logon to a SafeGuard Easy client you will need to do the following::

    1. Switch on the computer.
    The POA logon dialog is displayed. The second Windows user cannot log on at the POA because
    they do not have the necessary keys and certificates.
    2. For the second user to log on at the POA, the computer's owner must allow it.
    Note: The default setting specifies that the first user to log on after installation is registered as
    the owner of the computer. The security officer can also define the owner of a computer with
    a policy setting.
    3. In the POA logon dialog, click Options and clear the Pass through Windows check box.
    The Windows logon dialog is displayed, prompting the second user to log on.
    4. The second user enters their Windows credentials.
    5. An entry for the second user is created in the Sophos SafeGuard system core.
    The next time the computer is started, the second user can log on at the Power-on Authentication.
  • 0
    I'm using Safeguard Policy Editor version 7.00.0.97. Where is "User allowed add new users" located. I've looked everywhere and cannot seem to locate it.
  • FormerMember
    0 FormerMember in reply to CarlesBrantley
    Create the new user account > In the Policy Editor open the Machine Settings policy and look for a setting called "Enable registration of SGN Windows Users" > Create the new configuration package and install it on the Client machine > Reboot > The new user should now be able to logon at Windows > Check the status and they should be showing as "SGN user". Any problems just let me know.
  • 0 in reply to FormerMember

    Hi Toby,

    Is this option available in Safeguard Easy 6.1? I can't seem to find it in the Policy Editor. I really only need to amend the username not add a second user.

    Kind regards,

    Wayne

  • FormerMember
    0 FormerMember in reply to WayneCullen

    Hi Wayne,

    It's slightly different in SafeGuard Easy - but if you just need to rename the current user you can do this in AD.

    If the machine is BitLocker you can just reboot afterwards, if you're using Full Disk Encryption your user might need a new certificate. They may also need to logon at POA via the new username if POA is in use

  • 0 in reply to FormerMember

    Hi Toby,

    These are stand alone laptops and don't connect to the Domain in this instance.

    Any other ideas?

    Kind regards,

    Wayne

  • 0 in reply to FormerMember

    Hello,

    I have the same question as Wayne below.

    I have 6.1 Easy not enterprise.

    If the person brings their laptop that is encrypted and connects to our network how could a second user login with their AD account?

    Thank you very much

Unfiltered HTML