Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 6563 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

encrypt my hdd

- -1

Hy,

 

My Notebook has a HDD encryption by Sophos safeGuard.

The Problem is, the Notebook has a defect (graphic device doesn´t work any more)

Now I have connected the HDD (from my Laptop) via USB to another Laptop.

 

But I can´t read the data.?

Is there a way to uncrypt the HDD



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hello,

    Yes indeed, these instructions describe how to slave a drive to an SGN client, and decrypt that slaved drive. Upon completion, in order to boot to the drive the MBR must be re-written.

    Start by following the process in KBA 108156, page 18, to slave a hard drive:

    Article ID: 108156
    Title: SafeGuard Enterprise: Recovery scenarios
    URL: sophos.com/.../108156

    Once the hard drive is slaved you will need to create a decryption policy. Decryption is never automatic, it must be manually triggered from the client machine.

    1. Create a new device protection policy in the Management Center
    2. Set the target to 'Local Storage Devices\Drive Letters'. This will allow you to decrypt any hard drive connected to the computer.
    3. Set the Media encryption mode to 'Volume based'
    4. Change the setting 'User may decrypt volume' to Yes
    5. Change the Media encryption mode to 'No encryption'
    6. Click Save
    7. Apply this policy to the OU or group containing the user or computer that will be decrypting the slaved hard drive. Click Save.
    8. Synchronize the client. You should have received new policies. After receiving the new policies you should be able to right click the slaved drive in Windows Explorer and see that the 'Encryption' context menu item is no longer greyed out, and you can now click 'Decryption'
    The drive will take roughly as long to decrypt as it did to encrypt. Once decrypted you may want to re-write the MBR to skip over the SafeGuard kernel. You can use either a Windows disk or WinPE (KB 108805) to do this.

    Article ID: 108805
    Title: Recovering data from a volume-based encrypted SafeGuard Device Encryption Client
    URL: sophos.com/.../108805

    The following related KBA may also be of some assistance

    Article ID: 108411
    Title: How to allow a user to decrypt a SafeGuard Enterprise Client
    URL: sophos.com/.../108411

  • 0 in reply to FormerMember

    Hy Toby,

    thanks for the Support.

    We already have tryed out step 1 to step 8 like you described.

    But I think the Client cannot synchronize to the new policy.

    When I check the state -> last certificate received: it is a date from

     

     

    last policy was in july.

    And I still can´t click the "decryption" in context menue

Reply
  • 0 in reply to FormerMember

    Hy Toby,

    thanks for the Support.

    We already have tryed out step 1 to step 8 like you described.

    But I think the Client cannot synchronize to the new policy.

    When I check the state -> last certificate received: it is a date from

     

     

    last policy was in july.

    And I still can´t click the "decryption" in context menue

Children
Unfiltered HTML