This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable SafeGuard encryption on Windows 7 Professional - no domain integration - policies applied from root

Our SafeGuard management center is not integrated into active directory. All computer and user entries are under root within the "auto registered". Policies are applied from root currently. How would I go about decrypting a Windows 7 professional computer with these settings? I'm unable to apply different policies to computers because they're all under root. How would I go about re-structuring things so that I could have a group within root that can be decrypted? This is how we were setup working with Sophos. Any help would be great. Thank you



This thread was automatically locked due to age.
Parents
  • It's still all possible to do without AD.

     

    I would recommend you create workgroups. Right Click the top root and select Create new workgroup (Auto Registration).

     

    I would then put each Windows laptop into that same workgroup.

     

    The PC's should then move themselves into the correct workgroup within the console.

     

    From here you could assign PC's into groups of policies or assign them to each one - really depends on how many PC's you have.

     

    I would take the same opportunity to create a decryption/uninstall group too. Create a group (RCLICK - new group) and call this "_Decrypt_Group". I've prefixed it with an "_" to make it appear at the top of the hierarchy and be neater! Create a policy (or a policy group if more than one setting from multiple categories) and Apply this to the root but ONLY to members of the group "_Decrypt_Group". That way the policy can be applied to ANY computer, but ONLY if they're in the group!

     

    Hope this helps a little?

     

    Michael

Reply
  • It's still all possible to do without AD.

     

    I would recommend you create workgroups. Right Click the top root and select Create new workgroup (Auto Registration).

     

    I would then put each Windows laptop into that same workgroup.

     

    The PC's should then move themselves into the correct workgroup within the console.

     

    From here you could assign PC's into groups of policies or assign them to each one - really depends on how many PC's you have.

     

    I would take the same opportunity to create a decryption/uninstall group too. Create a group (RCLICK - new group) and call this "_Decrypt_Group". I've prefixed it with an "_" to make it appear at the top of the hierarchy and be neater! Create a policy (or a policy group if more than one setting from multiple categories) and Apply this to the root but ONLY to members of the group "_Decrypt_Group". That way the policy can be applied to ANY computer, but ONLY if they're in the group!

     

    Hope this helps a little?

     

    Michael

Children
No Data