Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 13782 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

File encryption on Mac OS X, keys won't be synced

Herbert McFadden

I try to be a good user and open a separate thread for every issue I run into. If this is not common here let me know and I'll put it all in once.

 

I've create a file encryption policy to encrypt files that will be saved on a shared drive. The policy defines that the share has 3 different subfolders for each of these folders another encryption key is used.

When I log into my windows machine it works fine. Applying the same settings to the mac doesn't work though for me. The policy is bound to a parent OU, Macs and Windows PCs are separated in OUs below that. I've set up 3 test users in the user pane on both computer objects.

I've applied my management package to the Mac after installing the FileEncryption module. The connection to the server seems to be fine, in the server tab of the Sophos SafeGuard software on the Mac I see informaton regarding my server and the company certificate. However in the Keys pane there is only the message "your user account hasn't been verified" and the policies tab is empty.

Edit: Another minor issue is that I am prompted for my safeguard/AD password after logging in. Is there a SSO option?

Edit2: Okay I just noticed where I can confirm my users, they were stuck in the .unconfirmed Users group since Safeguard didn't recognize em as AD accounts. I am getting some keys now but not the ones I am using for my policy. The policies pane is still empty though. Still appreciate any pointers for troubleshooting! :=)



This thread was automatically locked due to age.
Parents
  • 0

    Morning Herbert. On my phone so will reply again when I’m on my PC.

    I’m taking it your Mac isn’t bound to AD, or if it is you’re logging into it with an independent account?

    Your user is then isn’t known to Sophos and needs to be added/verified.

    On the console under users and computers and on the left under the root will be a container called Unconfirmed users. You should find your orphaned username in there. Right click it and confirm user.

    Damn, just seen in the edit! Will reply more once I’m back at the PC....

  • 0 in reply to MichaelMcLannahan

    Thanks for your reply Michael.

    I am using Centrify to bring my Mac to Active Directory and I haven't found anything on how Centrify and SafeGuard work together yet, I was assuming it would work.

     

    I figured out that SafeGuard doesn't recognize the Mac as a domain computer object so applying the policy to the OU doesn't take effect. I've applied the OU to the local object of the Mac and I can see the policy in the SafeGuard settings on the Mac now. I even pushed the keys I need to the user so I can decrypt/read ecnrypted files on my share.

     

    However I cannot encrypt files. When I save a file on the share it will not be encrypted automatically. Seems to be a small leap looking back to where I started. Maybe you guys can help me make the final jump :)

  • 0 in reply to Herbert McFadden

    I know you'll have done this but you have installed the File Encryption package as well as full disk on the Mac?

  • 0 in reply to MichaelMcLannahan

    Yes both packages are installed (by accident though)

    Is that wrong/good?

Reply Children
Unfiltered HTML