This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Encrypt user profile and problems with license


I am computer administrator. I have to implement SafeGuard in my organitation.

I did it but I have some problems.

The instalation was correct. Comunication with database is OK and everything works but by mistake I used a Device Encryption policie Full disc encryption to encrypt one computer without take a look before to the license. Then I excedeed one license:

I removed the computer from the active directory imported tab in the SafeGuard management center, I uninstall all packages in the client and the Hard disk was Decrypted automatically.

But the problem is that when I restart the right police with the File encryption and import the computer and install all packages again the system show me that the license is excedded again.

The client computer it is not ecrypted and in the SMG the computer it is not ecrypted neither.

I tryed in another computer and now I have exceeded 2 license.

I discovered that by default Root have all policies activated, and I erase them.

I show you the configuration of policies, I think it is ok. I don't know why does not works.


I created a new package with the new polices


Thanks for the help.

This thread was automatically locked due to age.
  • Hi Oscar, 

    Please login to one of the machines where you have this issue (The test machine you tried after creating the package) and follow the instruction below:

    1. Go to Control Panel | Programs & Features | Sophos Safeguard Client 8.xx.x

    2. Right click and choose Change.

    3. Click Next (on the following screen as well)

    4. Click Change.

    5. Check the component installed.

    From this screen, you can identify the component installed on the machine. If the Full Disk encryption is installed you have to deselect it and install the Location Based File Encryption by proceeding further with it. Please do share the screenshot of the Component installed if possible. Let me know if this helps resolve your issue.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Perfect!

    Thank you very much Haridoss Sreenivasan.

    Can't "uncheck" disk encryption. I had to uninstall and install again.





    It works fine, but my boss told me to encrypt too local users. I am not sure if this can be possible because SafeGuard Management center works with Active Directory. Co you know if can do it?


  • Hi Oscar,

    Good to know that the License issue is taken care. About encrypting the local users, please do brief about it. So that I can help you with that.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply Children
  • Well the topic is how to encrypt local Windows users in the client computer. The SafeGuard manager Center can assign polices to diferent users, groups, computers, but all is about Active Directory. 

    The current policy shows: the system (system32) I think is usefull 

    and the user profile.

    But How to applay to local profiles like: Adminstrator.


    Thank you very much!

  • There is an issue now I see...

    The File encryption policy of <system> (C:\Windows\system32) does not works.

    If I force the policy the system search all files but it omit them.

    User profile works perfect. Even I created another policy only for system32 and does not work.

  • Hi Oscar, 

    The File encryption policy of <system> (C:\Windows\system32) does not work. File Encryption is user based, it is used to secure user data and user files but not for drives. System Drive Encryption only sense with BitLocker or Safeguard Volume Based Encryption. If you want to encrypt certain directories File Based, that's ok but for Windows Directories there is a hard coded exception rule in our encryption driver.

    You can check the excluded directories using the command below:

    C:\Program Files (x86)\Sophos\SafeGuard Enterprise\FileEncryption\fetool.exe RLS


    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • And what about encrypting Windows local users? is it possible?

    And I have another question:

    Is it necessary deploy "SafeGuard Enterprise Web Heldesk?. I deployed but I saw that it uses SSL security certificates. Is it necessary Web Helpdesk to manage tokens? if the user is wrong to enter the password he will call to our Help Desk and we will have to unlock the computer. Can we manage this using the saveguard Management Center?


    Thank you very much.


  • Well, I see that isn't necessary when user block acount, uses normally Active directory to unlock it.