This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Encryption Windows 10

Hello

I am installing Sophos Safeguard Version 7.0.2 on a Windows 10 laptop.  This is my first as the rest of the environment is still at Windows 7.  The install goes smoothly and

the laptop talks to the Sophos server however does not begin encryption automatically as the Windows 7 machines do.  I do notice that the method is set to Bitlocker mode.

I have been able to manually run Bitlocker and it talks back to the server acknowledging  the encryption.  I guess the question is this normal or should the Bitlocker auto

encrypt.  Also I do not see the normal pre boot Sophos login screen just the manual code you set when creating Bitlocker encryption.  Thanks.  



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi Nathan,

    There's no POA on Windows 10, it's replaced by the BitLocker PIN/Password.
    What's happening there is perfectly normal, SafeGuard can take over the BitLocker encryption if manually enabled, however you can get SafeGuard to encrypt the machine for you automatically.

    The following criteria needs to be met for BitLocker machines:
    BitLocker Drive Encryption must be installed and activated.
    ■ If TPM is to be used for authentication, TPM must be initialized, owned and activated.
    ■ To install BitLocker Drive Encryption support, either deactivate User Access Control (UAC) or
    log on with the built-in Administrator account.
    These GPOs also need to be set:
    ■ To use "TPM + PIN", "TPM + Startup Key" or "Startup Key" please enable the Group Policy "Require additional authentication at startup" either in Active Directory or locally on computers.
    ■ To use "Startup Key", you must also tick the checkbox "Allow BitLocker without a compatible TPM" in the Group Policy.
    ■ To use "TPM + PIN" on tablets, you must also enable Group Policy "Enable use of BitLocker authentication requiring preboot keyboard input on slates".

    I hope that helps Nathan, please let me know if you need anything further.

  • Could you elaborate more clearly in a step-by-step fashion for installing SafeGuard on a Win10 laptop?

    I have a new Dell Ultrabook E7470 with Windows 10 Pro.  I installed the 7.00.2.23 agent.  I installed the cert for the server.

    I did not understand the above instructions.  I did not activate Bit Locker because I interpreted the instructions as just installing SafeGuard and it would turn on automatically.  This did not happen.  The status is that it has not even communicated with the server for the policy.

    Besides installing the pre-install and the client install and rebooting, what else do I need to do?  I have sync'd SafeGuard with AD to make sure it's up-to-date with the new machine name and new user name.

    Adam in DC

Reply
  • Could you elaborate more clearly in a step-by-step fashion for installing SafeGuard on a Win10 laptop?

    I have a new Dell Ultrabook E7470 with Windows 10 Pro.  I installed the 7.00.2.23 agent.  I installed the cert for the server.

    I did not understand the above instructions.  I did not activate Bit Locker because I interpreted the instructions as just installing SafeGuard and it would turn on automatically.  This did not happen.  The status is that it has not even communicated with the server for the policy.

    Besides installing the pre-install and the client install and rebooting, what else do I need to do?  I have sync'd SafeGuard with AD to make sure it's up-to-date with the new machine name and new user name.

    Adam in DC

Children