A computer is already encrypted by another encryption product. How do I manage it through Sophos? Is it possible?
In reply to SUBHASRI D:
Hi SUBHASRI D
Please refer to this article, which provides SQL queries for a few of the reports that are not available as reports in the SafeGuard Management Center. Apart from that, you can refer to this article, which explains reports. You can navigate the document through the panel on the left-hand side.
You can also easily produce inventory logs from the server, which will show client drive state (encrypted/not) and also encryption type, device last seen etc. No SQL queries are needed for this - it's built into the console.
In reply to MichaelMcLannahan:
Can you guide me through where I can find it in the console?
There is a tab for reports, but I need the logs of the users who are managed by the SafeGuard Management Center.
This "basic" report doesn't contain users, but instead the devices.
1. Click on the root of your domain (on the left).
2. Select Inventory on the tabs on the right.
3. Click the magnifying glass (without entering a PC/hostname). This will list ALL devices that have reported into SafeGuard.
4. Select one device (any one - doesn't matter).
5. File - Print Preview - "Calculating print area might take several mins" - click OK.
6. When the window opens: File - Export Document.
7. Find the format you need and save it to view later.
What data are you looking for with your users? The users of the console or users of the devices that have SafeGuard installed?
MichaelMcLannahan has already suggested the simple way to export the inventory of the Safeguard Management Center. Safeguard manages computers, not the users, so you'll find the computers in the inventory, not the users.
I am assuming that you want a report for the users who are assigned against the computers in the Safeguard. Please use the below SQL query which will help you to fetch users assigned to the computers:
    use SafeGuard
    SELECT USR_ID, USR_LOGON_NAME, USR_FIRST_NAME, USR_LAST_NAME, USR_EMAIL, machines.*
    FROM (
        SELECT SGD_NAME, SGD_ID, UMA_USER_ID, SGD_DSN, SGD_SCHEMA_CLASS_NAME
        FROM Safe_Guard_DIR
        INNER JOIN USR_MACHINE_ASSIGN ON Safe_Guard_DIR.SGD_ID = USR_MACHINE_ASSIGN.UMA_MACHINE_ID
    ) AS MACHINES
    INNER JOIN USERS ON USERS.USR_ID = MACHINES.UMA_USER_ID
This query is mentioned in the KB article I provided to you above. Please refer to this KB once, so you'll be aware of the number of reports that can be generated through queries.
In reply to Jasmin:
How do I work with power-on authentication in SafeGuard? And can username & password be the only way to boot the machine?
And one more query: I need the Windows credential and the SafeGuard credential as only one sign-in. Is it possible?
POA is dependent on OS - it's no longer available in Win10. What OS are you referring to?
I'm afraid the second credential provider (Windows AND SafeGuard) will be visible. It is possible to hide the Windows one, but I know this can have a strange impact on the system, and it's critical you appreciate what changes/impacts there are. I went down the route of educating users with a "please use the Sophos Cog to log in from now on" approach.
You must also plan that if you should remove SafeGuard at any point (or you're unable to log in with SafeGuard owing to an error) you'll not be able to log into the machine.
If this is not going to work on Win 10, then how do I protect the drive in my machine?
What is the use of SafeGuard in power-on authentication?
Windows 10 (and some versions of Win7/8) use BitLocker, and it's this that is managed by Sophos SafeGuard. Previously, in earlier OSes, Sophos did their own disk encryption and POA worked with that.
So SafeGuard will help you manage BitLocker and store the recovery keys within the console/SQL. The users will see the "standard" BitLocker screen when they power on their devices. They'll enter a PIN (if set by SafeGuard policy) or password (Windows 10 supports passwords for those devices without TPM) and/or TPM can be used. It's also possible to use a USB startup key - but my personal opinion is that it's best to stick with the TPM/PIN combination if supported.
Hope this helps and clarifies a little?
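To see which of the boot-time options described above (TPM, TPM/PIN, password, USB startup key) a machine actually uses, here is an added example that is not part of the original posts and is not Sophos code. It relies on Microsoft's `Get-BitLockerVolume` cmdlet; the host names in the sample data are constructed.

```powershell
# Added example: classify how a BitLocker OS volume unlocks at boot,
# based on the key protector types Get-BitLockerVolume reports.
function Get-PrebootMode {
    param([string[]]$ProtectorTypes)
    # Check combined TPM protectors first, then the non-TPM options.
    if ($ProtectorTypes -contains 'TpmPinStartupKey') { return 'TPM + PIN + USB startup key' }
    if ($ProtectorTypes -contains 'TpmPin')           { return 'TPM + PIN' }
    if ($ProtectorTypes -contains 'TpmStartupKey')    { return 'TPM + USB startup key' }
    if ($ProtectorTypes -contains 'Tpm')              { return 'TPM only (no prompt at boot)' }
    if ($ProtectorTypes -contains 'Password')         { return 'Password (device without TPM)' }
    # ExternalKey can also be a recovery key; treated as a startup key here.
    if ($ProtectorTypes -contains 'ExternalKey')      { return 'USB startup key only' }
    return 'No pre-boot protector'
}

function Test-HasRecoveryPassword {
    param([string[]]$ProtectorTypes)
    # Only checks that a recovery password protector exists locally.
    return ($ProtectorTypes -contains 'RecoveryPassword')
}

# Constructed sample data (hypothetical host names, not real output).
$samples = [ordered]@{
    'LAPTOP-A'  = @('TpmPin', 'RecoveryPassword')
    'LAPTOP-B'  = @('Tpm', 'RecoveryPassword')
    'DESKTOP-C' = @('Password')
}
foreach ($name in $samples.Keys) {
    [pscustomobject]@{
        Computer    = $name
        PrebootMode = Get-PrebootMode $samples[$name]
        HasRecovery = Test-HasRecoveryPassword $samples[$name]
    }
}

# Live check of the system drive; needs Windows and an elevated prompt.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    try {
        $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            PrebootMode = Get-PrebootMode $types
            HasRecovery = Test-HasRecoveryPassword $types
        }
    } catch {
        Write-Warning "Could not read BitLocker state: $_"
    }
}
```

A volume reported as "TPM only" boots without any user prompt, and one without a recovery password has nothing for a management console to hand out during recovery.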
Please find the document for authentication policy, which will help you to understand the options explained by Michael. POA only comes with SafeGuard encryption, but it is not needed after the arrival of Windows 10, as Microsoft has already provided the native encryption technology "BitLocker". Now SafeGuard only manages BitLocker for the drive encryption, so if you want to put POA in place for those users, you can use the options mentioned under "BitLocker Logon Mode for Boot Volumes".
Let me be clear about what I actually need.
We are using Microsoft Windows 8, 10.
Please refer to the answers below for your queries:
1. It is not possible to implement username & password authentication instead of the BitLocker password with any kind of encryption software, as in preboot authentication the machine never has access to network services and hence the user can't be authenticated against the AD.
2. If you have installed SafeGuard Encryption on the client, you need to log in to the SafeGuard cred provider instead of the Windows cred provider, as it automatically syncs clients to the SafeGuard server at a fixed interval and generates user certificates. The SafeGuard cred provider is not different; the username and password for it will be the same as the Windows username and password.