
Migrating OS X users from one SafeGuard Server to another removes user from FileVault

We have a SafeGuard 6.1 server we're trying to retire.  I spun up a new server, installed SafeGuard 7 Server, and started testing.  I managed to get existing encrypted Windows clients to jump to this new server without issue.  On our encrypted Macs (using the 7.02 client), when I try to use "sgdeadmin --import-config file.zip", the Mac jumps to the new server, but FileVault 2 loses users besides the "Owner."  This is a hassle, because it's dropping our administrative support account.  We can't have that, as we will be LANrev'ing the script eventually to switch users all over the world.  This also means we can't personally decrypt/reencrypt every single machine, or go around telling users to re-add our account to the login screens.

Is there an argument to pass to sgdeadmin, something in the config file, or a policy in SafeGuard itself to say "if I'm brought into a new server, don't change my current FV2 setup"?



This thread was automatically locked due to age.
  • FormerMember

    Hello Rikk,

    This is by design - if the network configuration changes, we remove all invalid user accounts, leaving only one account to make sure that someone can still log in to FileVault2 - this will be the owner, not the person that set the machine up for them.

    What you could do is create a new configuration zip file and add the new server + the old SGN server. The OS X client will notice that one of the SGN Servers is no longer available and will use the other server. This idea would work if you use the same SGN database for both SGN servers; if this move means you now use two different SGN databases, then this won’t work.
