
Remove Encryption - Safeguard Enterprise

Hi guys!!

I have the following scenario: a Windows XP Professional SP3 with the SGN client installed. I've made a policy for encryption of the c: and d: volumes. The encryption was set to use the machine key.

Question: I would like to know how we remove the encryption of the volumes. I've tried to change the policy to "No Encryption" but it didn't change anything. Is there any tool for booting and removing the encryption like in Safeguard Easy?

I really appreciate any help!!

Happy new year!!

Roberto

  • Hi ssij,

    Thank you for stopping by the SophosTalk community forum and posting your question.

    You can configure the existing security policies or create a separate policy to decrypt a volume. Three things need to happen in order to get the volume decrypting:

    1. A Device Protection policy needs to be configured for the User to be able to decrypt. Make sure it's synced to the User before Step 2.
    2. Change the same Device Protection encryption policy from 'Volume Based' to 'No encryption'. Sync this up to the Computer before Step 3.
    3. On the workstation you want to decrypt, go to My Computer which displays the drive letters and icons. Right-click on the volume you want to decrypt. Click on the 'Encryption' tab added by SGN. The 'Media encrypted' check box should now be enabled. Unselect the checkbox, click 'OK' or 'Apply' and watch the drive decrypt.

    The important components to note here are that you are first enabling a User to remove encryption without removing the SGN Client software. This is a User-based policy. Second, changing the policy to 'No encryption' is a Computer-based policy which can be applied to Computers and Users in a 'Decryption' group. Lastly, there is the action taken to remove the encryption. If your question is whether you can change a security policy and remove encryption without any User action, that is lower security and increases an organization's risk of being non-compliant.

    I don't believe that anyone reading this post would want to come into work one day and hear that everyone's computers are decrypting or have already been decrypted. Yikes!! After you change the security policy back to 'Volume based' encryption, make sure you are checking the classified ads for a new career.
