This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safeguard Encryption and Windows Remote Assistance

We've recently started deploying SafeGuard v8 to staff laptops, running Windows 7.

 

Until now, we've used Windows Remote Assistance (msra.exe) extensively to assist staff at remote sites (funnily enough!)

 

Since rolling out SafeGuard, we're unable to succesfully connect.  The connection is established briefly but immediately disconnects.  I'm aware that Remote Desktop simultaneous logins are not possible on a SafeGuard system but are there similar restrictions on Remote Assistance or is there a Policy somewhere that i can change?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hey Buck,

    As you rightly pointed out simultaneous logins aren't permitted, either via RA or locally on the machine itself (hence why Fast user Switching is disabled).

    You should still be able to login when using RDP, the only proviso being that any previous user sessions MUST be terminated.

    There aren't any policy changes to make to a SafeGuard protected machine in terms of policies or configuration, however it's worth being aware of the following restrictions that apply to Remote Desktop connections to a client that has SafeGuard Enterprise installed :

    • As discussed, SafeGuard Enterprise only allows one user session, so when a remote user logs on to the system, the remote connection attempt will fail unless the currently running session is shut down.
    • Remote logon with token is not supported.
    • A remote session does not have access to the user key ring. Only the machine key is available.
    • Access to key ring after closing a remote session:
      A user's key ring is no longer accessible after an established remote session has been closed. The client machine has to be rebooted in order to restore full access to the user's key ring. Just logging off and on is not sufficient to regain access to the key ring.

    If you're still experiencing issues with the above taken into consideration I would take a remote test machine and perform the following tests:

    1. Ensure you can establish a connection without SafeGuard installed to confirm there are no current issues
    2. Install SafeGuard, are you still able to remote onto the machine (with the above caveats considered)?
    3. If you are, I would then encrypt the disk and see if it's the encryption of the disk that is causing a conflict with the RDP session.

    If you're unable to gain access once SafeGuard is installed/the disk is encrypted I would raise a case with our support team via support@sophos.com and we can take a look for you.

Reply
  • FormerMember
    0 FormerMember

    Hey Buck,

    As you rightly pointed out simultaneous logins aren't permitted, either via RA or locally on the machine itself (hence why Fast user Switching is disabled).

    You should still be able to login when using RDP, the only proviso being that any previous user sessions MUST be terminated.

    There aren't any policy changes to make to a SafeGuard protected machine in terms of policies or configuration, however it's worth being aware of the following restrictions that apply to Remote Desktop connections to a client that has SafeGuard Enterprise installed :

    • As discussed, SafeGuard Enterprise only allows one user session, so when a remote user logs on to the system, the remote connection attempt will fail unless the currently running session is shut down.
    • Remote logon with token is not supported.
    • A remote session does not have access to the user key ring. Only the machine key is available.
    • Access to key ring after closing a remote session:
      A user's key ring is no longer accessible after an established remote session has been closed. The client machine has to be rebooted in order to restore full access to the user's key ring. Just logging off and on is not sufficient to regain access to the key ring.

    If you're still experiencing issues with the above taken into consideration I would take a remote test machine and perform the following tests:

    1. Ensure you can establish a connection without SafeGuard installed to confirm there are no current issues
    2. Install SafeGuard, are you still able to remote onto the machine (with the above caveats considered)?
    3. If you are, I would then encrypt the disk and see if it's the encryption of the disk that is causing a conflict with the RDP session.

    If you're unable to gain access once SafeGuard is installed/the disk is encrypted I would raise a case with our support team via support@sophos.com and we can take a look for you.

Children
No Data