University of Rochester Sophos SafeGuard Encryption for Windows Support Guide


Sophos SafeGuard Encryption for Windows Support Guide
University Information Technology Security & Policy
September 15, 2015

Version   Date                 Modification
1.0       September 15, 2015   Initial guide
1.1
1.2
1.3
1.4
1.5
1.6

Contents

1.0 Too many invalid logon attempts
2.0 Decrypting the Hard Drive/Uninstall Sophos
3.0 Device Recovery
    A. Recovering Data by slaving Hard Drives
    B. Recovering/Restoring a Client with broken MBR (Master Boot Record) using WinPE
    C. Retrieving data using Virtual Client
4.0 Windows 8/8.1 MBR recovery
5.0 Reinstall

1.0 Too many invalid logon attempts

If a user enters an incorrect password 16 consecutive times on a Windows system that is not bound to the UR domain, Sophos will put the computer into pre-boot authentication mode before Windows will boot. Follow the steps below to remove pre-boot authentication. There are different steps for different OS versions.

For Windows systems that are bound to the UR domain, the domain account will lock at 15 attempts, and the account will need to be unlocked in Active Directory or the user must wait 30 minutes for the account to automatically unlock.

Windows 7 Professional

The system will be in a pre-boot state. In order to unlock a machine that has exceeded the maximum number of logins, follow the steps below.

1. A HEAT ticket should be created and include the following information:
   - Name of the department IT staff member who owns the system
   - Username of the account
   - Name of the computer
   - Assignment to category 2 specified as Security
   - Call type specified as Full Disk Encryption
   - Specific details regarding the issue
2. A Security staff member will contact the user to walk them through the pre-boot process.
3. A challenge code will be presented, for which the Security officer will provide the response code that allows the system to boot to Windows.

Windows 7 Enterprise/Ultimate, Windows 8, or Windows 8.1 BitLocker Recovery

1. In pre-boot authentication on the computer, hit the Escape key to get to BitLocker recovery.
2. When the pre-boot authentication screen prompts you for a recovery key, a HEAT ticket should be created and include the following information:
   - Name of the department IT staff member requesting the recovery
   - Username of the account
   - Name of the computer
   - Assignment to category 2 specified as Security
   - Call type specified as Full Disk Encryption
   - Specific details regarding the issue
3. When a security member receives the ticket, they will contact the user and give them the recovery key.
4. On the pre-boot authentication screen, the user will enter the recovery key and then the system will boot to Windows.

2.0 Decrypting the Hard Drive/Uninstall Sophos

In the event that you need to decrypt the hard drive, the following procedure can be followed.

1. A HEAT ticket should be created and include the following information:
   - Name of the department IT staff member requesting the recovery
   - Username of the account
   - Name of the computer
   - Assignment to category 2 specified as Security
   - Call type specified as Full Disk Encryption
   - Specific details regarding the issue
2. When the security staff contacts you, log into the system with an account that has administrative privileges on that machine.
3. Right-click the Sophos SafeGuard icon on the taskbar, click on Synchronize and restart the computer.
4. After the computer restarts, right-click the Sophos SafeGuard icon in the taskbar and select Status. Ensure there are no packets waiting for transmission.
5. For this part there are different steps depending on the OS version you're using.

   Windows 7 Professional:
   1. Go to the start menu on the lower right hand corner
   2. From the menu click on Computers
   3. Right click on the drive that should be decrypted
   4. Choose Encryption Decryption from the context menu.

   Windows 7 Enterprise, Windows 8, or Windows 8.1:
   1. Go to the start menu
   2. Search for BitLocker and click on Manage BitLocker
   3. Go to BitLocker and turn it off; when prompted for decryption, click on Decrypt Drive
6. After the decryption is finished, go to Programs and Features.
7. Uninstall Sophos SafeGuard Preinstall first, then Sophos SafeGuard Client Configuration, and then Sophos SafeGuard Client in order to completely uninstall Sophos.

3.0 Device Recovery

UR Sophos SGN for Windows Support Guide

Under certain circumstances, Microsoft Windows may fail to boot up. The reason for this can be an incompatibility with software on the system, a dying hard drive, or a virus infection. In such a situation, authentication to the hard drive in general is possible. The available disaster recovery options vary depending on which Full Disk Encryption and platform were chosen.

Recovery Options                      Win 7 Pro   Win 7 Enterprise   Windows 8   Windows 8.1
WinPE                                 Yes         No                 No          No
Slaving of encrypted drive            Yes         Yes                Yes         Yes
Challenge/Response                    Yes         Yes                Yes         Yes
BitLocker recovery that requires
  BitLocker recovery key              No          Yes                Yes         Yes

SafeGuard Enterprise offers different ways of accessing and recovering data depending on the situation:

A. Recovering Data by slaving Hard Drives

Because SafeGuard Enterprise has flexible key management, it is possible to assign the key that was used to encrypt the drive to a different user and attach the hard drive with an external USB connector to a machine that should have access to the data, e.g. the Administrator PC. Slaving a drive that is encrypted is done like this:

1. Take the drive that should be accessed out of the affected system and plug it into a USB hard drive converter.
2. Attach the USB converter to a machine that has SafeGuard Enterprise installed.
3. Under My Computer the drive will be displayed with a red key icon, which indicates that the drive is encrypted but the key is not available.
4. In order to check which key was used, right click on the drive and select Properties. Open the Encryption tab. Within this tab the Unique Key ID will be displayed.

5. Should the key not be displayed, perform steps a-d below; otherwise, proceed with step 6:
   a. Browse to the Tools folder in the installation source of SafeGuard Enterprise
   b. Copy the complete folder KeyRecovery and Restore to the local machine that should gain access to the drive
   c. Open the folder and start RecoverKeys.exe
   d. All connected drives will show up. The key ID of the attached drive is displayed and can now be searched in the Management Center
8. A HEAT ticket should be created and include the following information:
   - Name of the department IT staff member requesting the recovery
   - Username of the account
   - Name of the computer
   - Assignment to category 2 specified as Security
   - Call type specified as Full Disk Encryption
   - Specific details regarding the issue

9. Log on to Windows with the user to whom the key was assigned. It might require an additional reboot until access to the drive is possible.
10. Attach the USB connector to the machine. The drive will be recognized as external media. Access is now available just as to a normal hard drive.

B. Recovering/Restoring a Client with broken MBR (Master Boot Record) using WinPE

Problems with the MBR can be resolved using the SafeGuard Enterprise recovery tool BE_RESTORE.exe. This tool is a Win32 application and must run under Windows, not under DOS. A faulty MBR loader will mean an unbootable system and can have effects like shown in the following pictures:

The MBR can be restored in two ways using the pre available WinPE disk with integrated SafeGuard Enterprise drivers:
   - Restoring MBR with an existing MBR Backup
   - Repairing the MBR without Backup

Creating a bootable device for a WinPE image

In order to restore the MBR it is required to boot the system using the correct WinPE ISO with the correct driver version of SafeGuard. Go to <<directory path here>> to get the ISO image. When the image is available there are different ways to boot it up:
   - Burn the ISO file to a CD
   - Use third-party software to create a bootable USB with the ISO

Restoring MBR with an existing MBR Backup

A HEAT ticket should be created and include the following information:
   - Name of the department IT staff member requesting the recovery
   - Username of the account
   - Name of the computer
   - Assignment to category 2 specified as Security
   - Call type specified as Full Disk Encryption
   - Specific details regarding the issue

When the security staff receives the ticket, they will export the backup onto a USB stick. After receiving the USB stick, boot up a WinPE image with the USB stick attached. As soon as the image is loaded, select Be_restore in the AC43 file browser. Now select the option to repair the MBR and load the backup file from the USB stick. As soon as the process is completed, restart the machine and check if booting is possible now.

Repairing the MBR without Backup

Even when there is no MBR backup file available locally, BE_Restore.exe can repair a damaged MBR loader. The BE_Restore.exe repair option locates the SafeGuard Enterprise kernel on the hard disk, uses its address, and re-creates the MBR loader. This is highly advantageous, especially as there is no need for a computer-specific MBR backup file locally. However, this will take longer because BE_Restore.exe has to carry out a time-consuming search for the SafeGuard Enterprise kernel on the hard disk.

To use the repair function in Be_Restore, follow the Restoring the MBR using WinPE process described above, but this time select Repair MBR instead of Restore MBR. Be_Restore will then search for the SGN kernel on the hard disk.

If more than one kernel is found when using the BE_Restore.exe repair option, the MBR with the most recent time stamp is restored.

C. Retrieving data using Virtual Client

SafeGuard products offer the possibility to recover data in case a machine is unbootable. This means that the POA does not start any more or access to the system is not possible for some reason. In such a case, it is possible to recover data using external boot media such as a WinPE CD. Since the drive is encrypted, it is required to use a WinPE CD with the correct driver version of SafeGuard Enterprise. In order to complete the next sections, please create a WinPE CD based on the SafeGuard product version in use.

A HEAT ticket should be created and include the following information:
   - Name of the department IT staff member requesting the recovery
   - Username of the account
   - Name of the computer
   - Assignment to category 2 specified as Security
   - Call type specified as Full Disk Encryption
   - Specific details regarding the issue

When a security staff member sees the ticket, they will create a virtual client and export a file called recoverytoken.tok to removable media.

Booting the system using the WinPE disk

Make sure that the boot sequence in the BIOS settings allows booting from a CD or USB flash drive. After that, put the CD or USB flash drive into the computer and start the system. The bootable WinPE disk will load without any user interaction and an integrated file manager comes up once the load is completed. At a glance, you can see the mounted volumes and CD/DVD drives. In this example, when selecting the encrypted Volume D:, no files and folders are displayed.

In the virtual environment, ensure that the USB flash drive with the recoverytoken.tok file stored on it has been mounted correctly during startup. In this example, the USB flash drive was mounted to the drive F:

Browse to the Removable Media and select the recoverytoken.tok file. The next step is to copy this file to the SGN-Tools folder on the WinPE, which shows up as volume X:\ (Boot). Using the implemented file manager, there are several ways to copy the recoverytoken.tok file from the USB flash drive to the drive X: into the folder X:\Tools\SGN-Tools, where RecoverKeys.exe is located. You can copy the file recoverytoken.tok e.g. by:
   - drag and drop (see the picture above)
   - copy and paste using the menu option Edit - Copy to Folder.

Once the file is copied, open the KeyRecovery Tool with a single click on the KeyRecovery symbol. You can find this at the bottom of the File Manager in the section Quick Launch.

The KeyRecovery tool starts and displays the Key ID of each encrypted drive. This Key ID will be utilized later. Therefore, write down the first five characters of the ID.

Select Import By C/R. This will generate a challenge code.

Provide the challenge code to the University IT Security & Policy staff member. After the University IT Security & Policy staff member provides the response code, enter the code into the KeyRecovery tool.

Once the process has been completed successfully, select the read-enabled volume (in this case D:\) in the file manager window. Once the C/R is done, all files and folders of drive D:\ are visible in the file manager. Drive D: is read-enabled now and access to the data stored on this partition is reconstituted.

4.0 Windows 8/8.1 MBR recovery

For any machine running BitLocker as its encryption, WinPE will not be able to recover the MBR. In order to recover the data, Windows recovery is required. Follow these steps in order to recover the MBR and be able to boot up:

1. Disable secure boot in BIOS (if enabled)
2. Request recovery key from Security and Policy
3. Boot using Windows 8/8.1 install medium
4. Use recovery key to unlock the drive
5. Try to use automatic repair; if that doesn't work, use the advanced options with command prompt. Basically here we are renaming the BCD and then rebuilding it.

       diskpart
       list disk
       select disk 1
       list volume
       select volume 4        (This is our FAT32 partition)
       assign letter b:
       exit
       cd /d b:\efi\microsoft\boot
       bootrec /fixboot
       ren BCD BCD.bak
       bootrec /fixmbr
       bootrec /fixboot
       bootrec /rebuildbcd

   If this fails, run:

       bcdboot c:\windows\system32 /s b: /l en-us /f ALL

6. Once fixed, reboot the machine and this time try to boot the OS.

Note: If your machine doesn't have a pre-boot PIN you should be all set; if you do, continue with the following:

7. Your current PIN will not work and you will be forced to use the recovery key to get to the OS.
8. Once the OS is booted, log in.
9. Wait for Sophos to synchronize with the server. You should then see a popup from Sophos SafeGuard asking you to change your PIN. Make sure the Windows installation media has been removed from the machine.
10. Once the PIN has been changed, reboot the machine.
11. Verify the new PIN works.
12. Log into Windows.
13. If secure boot was enabled previously, reboot the machine and enable the setting again.

5.0 Reinstall

In the event that a problem persists on the machine, a complete reinstall may be required to fix the issue. If a reinstall is required, follow the steps below in order to have a fresh install.

1. A HEAT ticket should be created and include the following information:
   - Name of the department IT staff member requesting the reinstall
   - Username of the account
   - Name of the computer
   - Assignment to category 2 specified as Security
   - Call type specified as Full Disk Encryption
   - Specific details regarding the issue
2. After a Security staff member contacts you and adds your machine to the Decrypt and Uninstall policy, log on to the client with an administrative account and synchronize the machine using the Sophos icon in the bottom right corner.
3. Go to Control Panel > BitLocker Drive Encryption and turn off BitLocker.
4. Once BitLocker has finished decrypting, go to Programs and Features; from there you should see three Sophos programs installed.
5. Uninstall Sophos SafeGuard Preinstall first, then Sophos SafeGuard Client Configuration, and then Sophos SafeGuard Client in order to completely uninstall Sophos.
6. Reboot and then run checkdisk. To do this, open Windows Explorer, right-click on the C: drive and select Properties. Click the Tools tab and then click Check Now under the Error checking area. Click on the Start button.
7. Have the security staff remove your machine from the Decrypt and Uninstall policy.
8. On the client, go to Start > All Programs > Accessories > Run.
9. Type tpm.msc, and then press Enter.
10. A TPM console should appear. Click on Clear TPM.
11. Install Sophos (Link to the Sophos install guide)
12. Make sure the device synchronizes; it may reboot and start encrypting.
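
Sections 2.0 and 5.0 both require decryption to be finished before the three Sophos components are uninstalled in a fixed order. The PowerShell below is an added example of that check, not part of the original guide or of Sophos tooling. It assumes the Windows 8/8.1 BitLocker path with the built-in BitLocker module, an elevated prompt, and registry display names identical to the component names as this guide writes them; the function names are hypothetical.

```powershell
# Added example: gate the Sophos uninstall on BitLocker decryption being complete.
# Run from an elevated PowerShell prompt (Get-BitLockerVolume needs administrator rights).

# Uninstall order exactly as given in the guide; display names are assumed to match.
$UninstallOrder = @(
    'Sophos SafeGuard Preinstall',
    'Sophos SafeGuard Client Configuration',
    'Sophos SafeGuard Client'
)

function Test-VolumesDecrypted {
    # True only if every volume BitLocker knows about reports FullyDecrypted.
    # Any attached BitLocker-protected data or removable volume counts as pending.
    $pending = @(Get-BitLockerVolume |
        Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' })
    foreach ($v in $pending) {
        Write-Warning ("{0}: {1}, {2}% still encrypted" -f `
            $v.MountPoint, $v.VolumeStatus, $v.EncryptionPercentage)
    }
    return ($pending.Count -eq 0)
}

function Get-InstalledSafeGuardComponents {
    # Reads the 64-bit and 32-bit uninstall registry views and returns the
    # components that are present, already sorted into the guide's order.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $names = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object -ExpandProperty DisplayName)
    return @($UninstallOrder | Where-Object { $names -contains $_ })
}

function Invoke-PreUninstallCheck {
    # Returns $true when it is safe to proceed to Programs and Features.
    if (-not (Test-VolumesDecrypted)) {
        Write-Warning 'Decryption is not finished. Do not uninstall yet.'
        return $false
    }
    $present = @(Get-InstalledSafeGuardComponents)
    if ($present.Count -eq 0) {
        Write-Host 'All volumes decrypted. No SafeGuard components found under the expected names.'
        return $true
    }
    Write-Host 'All volumes decrypted. Uninstall in this order:'
    $i = 1
    foreach ($name in $present) {
        Write-Host ("  {0}. {1}" -f $i, $name)
        $i++
    }
    return $true
}

Invoke-PreUninstallCheck
```

The check does not cover Windows 7 Professional, where this guide decrypts through the SafeGuard context menu rather than BitLocker.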