Dear kind users,
I feel super dumb asking this question but I can't seem to find how to do this or where it is described.
I am evaluating the SafeGuard Encryption solution for my company with a trial license and I seem to be unable to apply rule/rulesets to Active Directory users groups or computers.
I haven't found any resources with screenshots or detailed explanations on how to do this and I appreciate any pointers in the right direction.
Hi - Yes all possible to do.
You can have AD based groups as well as SG ones too - I have it configured this way to add more flexibility than just AD groups.
Your first stage will be syncing with your DC host (or another server you wish to replicate AD from).
Once AD is mirrored in SG you can then assign policies to the users and groups accordingly. These are applied at the top of the structure.
You can manually create groups too, but if you have AD - I'd use that in preference for computers and DEF for users!
This guide may help more
So - Select an OU/container you wish to apply a policy to (you've already created the policy?)
Drag it in from the right hand side onto the Policies tab.
AUTOMATICALLY this will be assigned to ALL authenticated users AND computers that reside in this container!
If you do not want this to be the case - Drag both those objects out of the bottom half and drag in who you DO want it to apply to (if it isn't all as above)
You may for instance want to create a group of computers that CAN decrypt their own drive (let's say they travel a lot to China or something!)
You could apply this policy to ALL computers (if applied at the right level) but then choose a group to apply this to. So if you're in the group "China" this applies to you - everyone else gets the policy, but it's void/ignored because they're not a member of this group.
There's also the NO OVERRIDE option - FORCE this regardless even if there's a conflicting policy. Useful sometimes when you know you've applied multiple policies to the same container.
Finally - make good use of RSOP (Resultant set of policies), as in what does the client actually get after all these settings. This can be used with a user AND computer or just computer.
Hope this helps a little?
In reply to MichaelMcLannahan:
Thanks for the hint! It does help. I did find it as well not long before I saw your post. When you work at a computer screen for years you get blind for some spots. I ran into another issue but I'll give it some time before I cry about it this time :)
In reply to Herbert McFadden:
Great, good news! You're very welcome.
What other issue have you run into, Herbert? I've run into more than a few with my experiences so far so myself or someone else may be able to help?
All the best
I've opened a new post about the issue here https://community.sophos.com/products/safeguard-encryption/f/sophos-safeguard-products/97992/file-encryption-on-mac-os-x-keys-won-t-be-synced
I know this is an older thread but I'm having the same trouble trying to set up an AD group with a policy in Sophos Safeguard.
I'm not sure what I might be doing wrong but when I go to users and computers and select the AD group I want to apply the policy to I don't get the same tabs you have. No Policy tab or Inventory or POA Group assignment tab. My tabs are Key, Members, Member of and Access. Also there are no policies listed on the right hand side to drag over.
Any help is appreciated.
In reply to Charles Breite:
Light-bulbs! I found that by clicking on the OU as stated in your solution I can then see the tabs and fields required to set the policy. I was clicking on the group itself. Thanks for the write-up! It got me where I needed!
Great news, well done!
Was going to answer your post tonight so sorry for the delay, but yes that’s exactly right. You can use this method to assign a different policy to each OU.