
(green horn) I want to set up file encryption only for specific location on network share (for test Virtual PC to start, then my dept full OU on AD.)

Hello all,

I am a green horn and am trying to configure this software for the first time ever. I have no professional experience with this software and we did not hire support time. What I have (some inherited) is the manager installed and connected to my AD, and I can see within the manager tool my department's OU members and computers etc. I have installed the client on a single Virtual PC that I can again see in the AD interface screens. What I don't have and have not seen is a good manual or set of steps that will lead me through what else I need to do to complete this project. Based on what I have written (see subject):

 

Can anyone point me in the right direction for the best document that will give me some guidance? ...I have been just guessing at this so far, with 4 PDF documents that are not much help. When I keyword search them I am not finding anything on specific file location etc. 8) TIA.



  • Sorry about the delay Keith - I've been on annual leave!

     

    What version of SafeGuard are you going to/currently running?

     

    This web based manual is quite good but does miss some useful screenshots!

     

    https://docs.sophos.com/esg/sgn/8-0/admin/en-us/webhelp/index.htm#concepts/Installation.htm

     

    This is V8 and you may have the more common V7 - if you could confirm which version, then we can all advise further.

     

    You would apply policies based on OU to accomplish what you want to do, but a little more info from you first would help me be more precise.

     

    All the best

  • Hello Michael,

    SafeGuard 8.00.0.251   8)

    What I am hoping to do is for my entire business office (just one OU) of hundreds at my work: we have a common network share we use in the department office. In that share we want all files that are placed in a single sub-directory and all children directories+files auto encrypted. Based on my supervisor's statements, without regard to the file type. We want no users' PCs encrypted, no entire disk etc. Thus I think we want location based file encryption, no cloud/no data exchange.

  • Yes, that's correct. To quote Sophos...

     

    - Application-based (Synchronized Encryption): Only files created with defined applications are automatically encrypted, and only these applications are allowed to read encrypted files.
    - Location-based: All files in defined locations are encrypted.
     
    You will need to set up the File Encryption policy - set a path (Sophos recommend using UNC and not D:\myshare), scope (in your case "Include subfolders"), Mode "Encrypt", and then select a key to be used. Personal key will use the key assigned to that user within AD, or using browse you can select a shared key. This shared key though must be available on the workstations.
     
    I'm learning FE as I go and I'm not using it here yet, but I'm currently starting to set it up. It does look to be quite logical though and follows the steps you'd expect!
     
    Hope this helps?
     
     
    (Sorry - didn't want to set up any shares on this server so typed in a "fake" path of d:\test_fe. You would put the UNC here: \\servername\sharename)
     
     
     
     
  • So I have attempted to configure the form you show, added policies*, added them to a group policy. In one policy I have added the file encryption path again like you suggested with UNC path. I have added two test virtual PCs to a group, added myself to the security officers sub menu. ...but I cannot get the policy to deploy. I am not sure what I am missing.

     

    *I have passphrase, pin, password, and file encryption policies. I have added the two virtual systems to a group. I am not sure where they link to policies... TIA. -KJ

  • Oops, PS: I don't know what the "Tokens" menu is about, and the way my prior coworker linked AD I don't seem to be able to see users' NIDs, however I see all the PCs and local group info. Is the NID required?

  • Morning Keith - You need to create a policy group for your policies and apply this group to an OU.

    You can assign individual policies but that might start to become difficult to manage, so I'd create groups and assign those.

    To assign a group to the OU drag the group onto the Policies tab within the console and click save.

    Refresh the client (resync) and it should then pull down the recently assigned policy.