This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSO Safeguard 8

Hello,

I have setup Sophos Safeguard successfully and having issues setting up Single Sign On. The clients workstations are Windows 10 with Bitlocker enabled. Is there a way to allow SSO without having to enter Bitlocker password at boot?

This thread was automatically locked due to age.

Parents

+1 Haridoss Sreenivasan over 7 years ago

Hi Matt,

You have to make the required changes in the following Group Policy, either in Active Directory or locally on computers:

1. Require additional authentication at startup

2. Allow BitLocker without a compatible TPM

Please go to these Group Policy objects and you can enable or disable the settings according to your requirement. Let me know if this helps resolve your issue.

Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

+1 Haridoss Sreenivasan over 7 years ago

Hi Matt,

You have to make the required changes in the following Group Policy, either in Active Directory or locally on computers:

1. Require additional authentication at startup

2. Allow BitLocker without a compatible TPM

Please go to these Group Policy objects and you can enable or disable the settings according to your requirement. Let me know if this helps resolve your issue.

Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Matt Salinas over 7 years ago in reply to Haridoss Sreenivasan

Sorry for the late response. I will give this a try in Group Policy. Also I am having an issue when installing Safeguard clients using a default policy, some machines are grabbing the correct policy and others are not. All computers are in the same OU in AD and I have the Management Console to sync. Any ideas?
Cancel
Vote Up 0 Vote Down

Cancel
0 Haridoss Sreenivasan over 7 years ago in reply to Matt Salinas

Hi Matt,

Please help me the following questions:

1. What is the Operating System on the machines?

2. Do you see all the machines report to the Management Console?

Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Matt Salinas over 7 years ago in reply to Haridoss Sreenivasan

1. Windows 10 Pro 64bit

2. I now see the machines responding to the Management Console. What I did was made changes to the policy and re-create a new Machine Client install. Once I installed the updated .msi All PC's were communicating and receiving the correct policy.

Will I have to re-create a new manged client .msi everytime I make changes to the polices?
Cancel
Vote Up 0 Vote Down

Cancel
0 MichaelMcLannahan over 7 years ago in reply to Matt Salinas

No you don't need to, I push out policy changes frequently and if the client is effectively communicating with the server it will receive and action the changes. I would suspect the previous managed MSI wasn't configured properly.
Cancel
Vote Up 0 Vote Down

Cancel
0 Haridoss Sreenivasan over 7 years ago in reply to Matt Salinas

Hi Matt,

As Michael said, you don't have to create a new client install package every time you make changes to the policy. Now that the clients are communicating with the Management console, the policies will be updated during the next sync after the policy change.

Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel