Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 5337 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Installing SafeGuard Client on PC with Bitlocker already installed

Steve Nemeti

Sorry if I missed this in one of the documents somewhere, or if this is common knowledge, but I just want to make sure it is completely possible to install SafeGuard Client on a computer already encrypted with BitLocker. I didn't see anything explicitly discussed in the documentation, and need to know if the computer has to be decrypted before installation.

If not, are there any special steps that need to be taken during installation?

Thanks to all in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Steve,

    Just install SafeGuard on these machines and it will take over the management of BitLocker automatically, there's no need to decrypt. Please refer to the thread Add already encrypted machines to SafeGuard.

    The following criteria needs to be met for BitLocker machines:


    BitLocker Drive Encryption must be installed and activated.
    ■ If TPM is to be used for authentication, TPM must be initialized, owned and activated.
    ■ To install BitLocker Drive Encryption support, either deactivate User Access Control (UAC) or log on to the built-in Administrator account.

    These GPOs also need to be set:
    ■ To use "TPM + PIN", "TPM + Startup Key" or "Startup Key" please enable the Group Policy "Require additional authentication at startup" either in Active Directory or locally on computers.
    ■ To use "Startup Key", you must also tick the checkbox "Allow BitLocker without a compatible TPM" in the Group Policy.
    ■ To use "TPM + PIN" on tablets, you must also enable Group Policy "Enable use of BitLocker authentication requiring preboot keyboard input on slates".

    Please let me know if you need anything further.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0

    Hi Steve,

    Just install SafeGuard on these machines and it will take over the management of BitLocker automatically, there's no need to decrypt. Please refer to the thread Add already encrypted machines to SafeGuard.

    The following criteria needs to be met for BitLocker machines:


    BitLocker Drive Encryption must be installed and activated.
    ■ If TPM is to be used for authentication, TPM must be initialized, owned and activated.
    ■ To install BitLocker Drive Encryption support, either deactivate User Access Control (UAC) or log on to the built-in Administrator account.

    These GPOs also need to be set:
    ■ To use "TPM + PIN", "TPM + Startup Key" or "Startup Key" please enable the Group Policy "Require additional authentication at startup" either in Active Directory or locally on computers.
    ■ To use "Startup Key", you must also tick the checkbox "Allow BitLocker without a compatible TPM" in the Group Policy.
    ■ To use "TPM + PIN" on tablets, you must also enable Group Policy "Enable use of BitLocker authentication requiring preboot keyboard input on slates".

    Please let me know if you need anything further.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data
Unfiltered HTML