Safeguard Encryption on a Terminal Server

Hi MoeAye,

As far as i know, you must use LanCrypt since Safeguard cannot be installed on servers (i´m assuming that the remote users don´t have the Safeguard client installed). So you have must use a different product.

Hi PeterRL,

Thank you for your reply. No the remote users don't have the client installed. Will that make a difference? Will they be able to map safeguard client to the remote session?

Now I just tried LanCrypt and the problem with LanCrypt is that it is not compatible with the existing Keyring. I can't import current keyring to LanCrypt. We have currently encrypted share folders with safeguard enterprise remote users need access to those files. I tried to use SGportable but not ideal for the same reason. In Sophos Lab, the bitlocker client is windows server 2012 R2 and the other is server 2008 I believe. And the client installer can be installed just fine. But I can't even install it on the server in real life. Let me know if you have any other ideas.

Hi PeterRL,

Thank you for your reply. No the remote users don't have the client installed. Will that make a difference? Will they be able to map safeguard client to the remote session?

Now I just tried LanCrypt and the problem with LanCrypt is that it is not compatible with the existing Keyring. I can't import current keyring to LanCrypt. We have currently encrypted share folders with safeguard enterprise remote users need access to those files. I tried to use SGportable but not ideal for the same reason. In Sophos Lab, the bitlocker client is windows server 2012 R2 and the other is server 2008 I believe. And the client installer can be installed just fine. But I can't even install it on the server in real life. Let me know if you have any other ideas.

Hi,

Well, if your remote users have the SafeGuard client installed, they will have the keyring available, thus, access to the encrypted information will be available.

I never tested LanCrypt, but as far as i was informed, it´s not possible to use the SafeGuard keyring on LanCrypt. They are two different products with different key management. As stated, i never have tested (despite that i was informed officially) - so you can try to reach Sophos to double check with them.

Hey Peter,

I don't think that will help. Because we tried it from local PC which has SG client installed and there no way to carried into RDP session. Thanks for your input. I'm contacting sophos as we speak. Hope they can help. I'll post the update.

Hi MoeAye,

I can confirm what Peter has explained, as well as your findings.

In order to access encrypted files in a TS session you need LAN Crypt (it has a special TS client). SafeGuard Enterprise doesn't allow you to do that.

It is also not possible to mix both products, as they work differently. Or to be more precise: the difference is in the keys, and there is no way to export/import keys from one to the other.

Hope this helps,

Vince

I haven't got any luck with Sophos support as usual. Do you guys know where I can download LanCrypt client? I found a compatibility Component but I can't find the actual client that is compatible with Terminal server. I found a release note for it but not the actual software. Can you guys help me out with that?

Hi MoeAye,

SafeGuard LAN Crypt has a management part and a client part. To work with it you need both. If you have a license for it you can download it from 

https://www.sophos.com/en-us/support/downloads/data-protection/safeguard-lancrypt.aspx. 

If not you can request an evaluation from your local Sophos office.

Hey Everyone I am wondering if anyone got this to work in any way.  Sophos support has been like pulling teeth.  We are trying to get safeguard to work on citrix/terminal server, and I dont understand why this product in 2017 doesnt support terminal server environments.

Hi Stevens,

If you are referring to "SafeGuard Enterprise", then no, Citrix/RDP is not supported.

As said above, LAN Crypt does work. Is that the product you have had issues with?

Vince

I am using the Safeguard Enterprise product.  I dont have lan Crypt.  Is there a way to use lan crypt on citrix but to open my SGE secured files?  I saw that Lan Crypt is going EOL. 

Is there a timeline to get SGE working in this way?