Strand Alone SafeGuard Computer Locked

Question

I use SafeGuard 6.00 and have rolled out a standalone policy from the Enterprise console to non-domain PCs/laptops. In the policy I have enabled Local Self Help which functions great.

Now I can see LSH working in POA as long as I don't lock the machine. If I lock the machine I don't see LSH available as an option for recovery.

Presently we do not have the WebHelp Desk portal installed so that C/R functions. Is there another way (preferably for an admin to logon or other option in the policy creation from the Enterprise console) to unlock PC/laptop without having to initiate the C/R?

I would rathe not reload a PC from scratch everytime a user locks their standalone PC/laptop. Augments the number of allowed failed logons is not an option.

Thanks

This thread was automatically locked due to age.

ChrisD · Accepted Answer

Hi,

the required recovery information is based on the key recovery file of the SafeGuard Client. This file is generated during deployment of the Sophos SafeGuard encryption software.

In case the file is rejected with "Invalid key recovery file", it is either corrupt in structure / unreadable (tip: verify that it was not accidentally encrypted using file based encryption like SafeGuard Data Exchange - you should be able to read the tags in the xml file, like <DataRoot><BAKINFO><MKEK_C> etc) or

it was not generated from a SafeGuard Client that belongs to your environment (e.g. was installed using a different Client configuration package).

Do you have multiple environments?

Regards,

ChrisD