Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 6143 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hep with initial initial HD encryption - Safeguard 6.10

Honkala

Hi guys - we are rolling out Safeguard HD encryption to a number of our clients. We have the enterprise version and I'm having problems with the initial HD encryption not starting after installing the three installable components.

Our tech rep at Sophos provided us with a single batch file that somewhat automates the install with a single click. I've installed this onto a Lenovo X220 laptop and the HD encryption never initiates. The system never appears in the Safeguard Management Center console. I ran this same installer on a Dell E4310 and the initial HD encryption starts after a reboot of the system following the install of the packages.

What can I do to manually initiate the HD encryption on the Lenovo system? Or, is there a way to manually remove the packages from the system and try installing again? The system has yet to check-in with the management center. Please bear with me as I'm new to this particular HD encryption service - we were using Winmagic before.

Thanks,

Keivn

:51288


This thread was automatically locked due to age.
Parents
  • 0

    Kevin,

    For encryption to even begin, there has to be a "policy group" assigned in the Safeguard Management Cetner. In that policy group, you need to have at least four policy items: an "authentication" policy item, a "device protection" item, a "General Settings" policy item, and a "Machine Settings" policy item. The "Device protection" item has the settings for the actual encryption. The "Target" should be set to "Local Storage Device\Internal Storage\Boot Volumes" and "Media Encryption mode" should be set to "Volume Based." Algorithm can be set to either AES256 or AES128, depending on how strong of encryption you want, and "Key to be used for encryption" should be set to "Defined machine key (this generates unique keys for each individual computer)."

    Assign that policy out to your domain, and you have a policy set.

    Then create a "Configuration Package" that has your Safeguard server set as the primary server. If you have an SSL cert assigned to IIS, then use SSL security (hint: do this), or you can use the Safeguard encryption for comms instead. If you set the config package to use SSL, and your SSL cert is a self-signed cert, then this cert will need to manually imported into each computer. But if your SSL cert is signed by a CA, then no import is needed.

    Hope this helps.

    :51294
Reply
  • 0

    Kevin,

    For encryption to even begin, there has to be a "policy group" assigned in the Safeguard Management Cetner. In that policy group, you need to have at least four policy items: an "authentication" policy item, a "device protection" item, a "General Settings" policy item, and a "Machine Settings" policy item. The "Device protection" item has the settings for the actual encryption. The "Target" should be set to "Local Storage Device\Internal Storage\Boot Volumes" and "Media Encryption mode" should be set to "Volume Based." Algorithm can be set to either AES256 or AES128, depending on how strong of encryption you want, and "Key to be used for encryption" should be set to "Defined machine key (this generates unique keys for each individual computer)."

    Assign that policy out to your domain, and you have a policy set.

    Then create a "Configuration Package" that has your Safeguard server set as the primary server. If you have an SSL cert assigned to IIS, then use SSL security (hint: do this), or you can use the Safeguard encryption for comms instead. If you set the config package to use SSL, and your SSL cert is a self-signed cert, then this cert will need to manually imported into each computer. But if your SSL cert is signed by a CA, then no import is needed.

    Hope this helps.

    :51294
Children
No Data
Unfiltered HTML