Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 5 subscribers
  • Views 20365 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strand Alone SafeGuard Computer Locked

SS2010

I use SafeGuard 6.00 and have rolled out a standalone policy from the Enterprise console to non-domain PCs/laptops.  In the policy I have enabled Local Self Help which functions great.

Now I can see LSH working in POA as long as I don't lock the machine.  If I lock the machine I don't see LSH available as an option for recovery.  

Presently we do not have the WebHelp Desk portal installed so that C/R functions.  Is there another way (preferably for an admin to logon or other option in the policy creation from the Enterprise console) to unlock PC/laptop without having to initiate the C/R?

I would rathe not reload a PC from scratch everytime a user locks their standalone PC/laptop.  Augments the number of allowed failed logons is not an option.

Thanks

:53549


This thread was automatically locked due to age.
  • 0

    Hi,

    it is on purpose that the SafeGuard Local Self Help recovery option becomes disabled after a workstation gets locked due to a number of incorrect login attempts.

    The only way to unlock a locked workstation is to perform a Challenge/Response operation using either the SafeGuard Web Helpdesk or the SafeGuard Management Center / Policy Editor (choose Tools -> Recovery... -> "Sophos SafeGuard Client (standalone))

    Regards,

    ChrisD

    :53769
  • 0

    Ok I have tried to perform the 

    SafeGuard Management Center / Policy Editor (choose Tools -> Recovery... -> "Sophos SafeGuard Client (standalone)), but when I import the .xml file it says it is not valid.

    Thanks

    :53773
  • 0

    Hi,

    the required recovery information is based on the key recovery file of the SafeGuard Client. This file is generated during deployment of the Sophos SafeGuard encryption software.

    In case the file is rejected with "Invalid key recovery file", it is either corrupt in structure / unreadable (tip: verify that it was not accidentally encrypted using file based encryption like SafeGuard Data Exchange - you should be able to read the tags in the xml file, like <DataRoot><BAKINFO><MKEK_C> etc) or

    it was not generated from a SafeGuard Client that belongs to your environment (e.g. was installed using a different Client configuration package).


    Do you have multiple environments?

    Regards,

    ChrisD

    :53789
  • 0

    Ok the file was encrypted, got that resolved and was able to do a C/R

    However when recovering the PC it will boot to the Windows logon rather than to the users desktop.  The policy in-place is to boot to the users desktop but I noticed that you can't select the user for standalone recovery as I can from a non standalone recovery (domain PCs).

    Normal?

    :53795
  • 0

    Also

    Noticed that if I change the password for a local user on a standalone (non domain PC), and reboot the machine.  The PC wants the old password during POA but then wants the new password for SSO into Windows.

    Is there a sync option, I cant imagine one could never change there password on a standalone PC.

    :53797
  • 0
    Did you manage to find a solution?

    I have the same problem. Standalone User forgets their password, completes c/r and is presented with a Windows login screen asking for their password, which is a bit pointless as they can't remember their password which is why they did the c/r.
    :53815
Unfiltered HTML