If a SafeGuard Enterprise user is assigned to multiple machines, following a password change, the password (that is required at POA) is not updated on all the other clients until they have synchronized with the SafeGuard Enterprise Server.
Known to apply to the following Sophos product(s) and version(s) SafeGuard Device Encryption
Operating systems All supported Operating Systems
The reason for this is that SafeGuard Enterprise creates a certificate and a .p12 for every user that is a "SafeGuard Enterprise POA user". The user authenticates to the POA using his Windows password. If the password is changed at Windows level, a new .p12 file is created at the server and sent back to the Client. This file is then sent to the POA which allows the user to authenticate to the POA with his new password. In order to send the new password to the POA, the client needs to be running. The POA cannot receive any data from external sources. As a result of this, a client will always use the old Windows password until a connection to the SafeGuard Enterprise Server is established so that the new .p12 can be sent to the Client.
To update the password on a client (in this example called Client 2) that was "offline" do as follows:
SafeGuard Enterprise: Password change scenarios
Cannot log on to POA with SafeGuard Enterprise even though the password you are typing is correct
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.