Safeguard Encryption and Windows Remote Assistance

Hey Buck,

As you rightly pointed out simultaneous logins aren't permitted, either via RA or locally on the machine itself (hence why Fast user Switching is disabled).

You should still be able to login when using RDP, the only proviso being that any previous user sessions MUST be terminated.

There aren't any policy changes to make to a SafeGuard protected machine in terms of policies or configuration, however it's worth being aware of the following restrictions that apply to Remote Desktop connections to a client that has SafeGuard Enterprise installed :

• As discussed, SafeGuard Enterprise only allows one user session, so when a remote user logs on to the system, the remote connection attempt will fail unless the currently running session is shut down.
• Remote logon with token is not supported.
• A remote session does not have access to the user key ring. Only the machine key is available.
• Access to key ring after closing a remote session:
  A user's key ring is no longer accessible after an established remote session has been closed. The client machine has to be rebooted in order to restore full access to the user's key ring. Just logging off and on is not sufficient to regain access to the key ring.

If you're still experiencing issues with the above taken into consideration I would take a remote test machine and perform the following tests:

1. Ensure you can establish a connection without SafeGuard installed to confirm there are no current issues
2. Install SafeGuard, are you still able to remote onto the machine (with the above caveats considered)?
3. If you are, I would then encrypt the disk and see if it's the encryption of the disk that is causing a conflict with the RDP session.

If you're unable to gain access once SafeGuard is installed/the disk is encrypted I would raise a case with our support team via support@sophos.com and we can take a look for you.

Hey Buck,

As you rightly pointed out simultaneous logins aren't permitted, either via RA or locally on the machine itself (hence why Fast user Switching is disabled).

You should still be able to login when using RDP, the only proviso being that any previous user sessions MUST be terminated.

There aren't any policy changes to make to a SafeGuard protected machine in terms of policies or configuration, however it's worth being aware of the following restrictions that apply to Remote Desktop connections to a client that has SafeGuard Enterprise installed :

• As discussed, SafeGuard Enterprise only allows one user session, so when a remote user logs on to the system, the remote connection attempt will fail unless the currently running session is shut down.
• Remote logon with token is not supported.
• A remote session does not have access to the user key ring. Only the machine key is available.
• Access to key ring after closing a remote session:
  A user's key ring is no longer accessible after an established remote session has been closed. The client machine has to be rebooted in order to restore full access to the user's key ring. Just logging off and on is not sufficient to regain access to the key ring.

If you're still experiencing issues with the above taken into consideration I would take a remote test machine and perform the following tests:

1. Ensure you can establish a connection without SafeGuard installed to confirm there are no current issues
2. Install SafeGuard, are you still able to remote onto the machine (with the above caveats considered)?
3. If you are, I would then encrypt the disk and see if it's the encryption of the disk that is causing a conflict with the RDP session.

If you're unable to gain access once SafeGuard is installed/the disk is encrypted I would raise a case with our support team via support@sophos.com and we can take a look for you.