To avoid errors during installation or problems accessing your encrypted data after encryption, there are a number of procedures you should perform before installing Sophos SafeGuard Disk Encryption (SDE). Installing encryption software on a hard disk that has not been adequately prepared may cause irrecoverable system errors later.
Step 1: Check for conflicts
Some software or system settings might conflict with SDE installation. If any of the following applies, ensure that you perform the necessary preparation before installing SDE.
Sophos does not support the use of boot managers. Therefore, you should re-install the system without the boot manager.
If you used disk imaging software to install the operating system, we recommend that you re-write the master boot record (MBR). Sophos SafeGuard Disk Encryption needs a 'spotless' master boot record and the imaging/cloning program may have affected the state of this record.
You can clean the master boot record on Windows 2000 or Windows XP by using the command fixmbr from within the Windows Recovery Console. On Windows 98, you can run fdisk /MBR from a bootable floppy.
If the boot partition has been converted from FAT to NTFS, ensure that you have rebooted the computer to reset the file system format before installing SDE.
Step 2: When you're ready to install
On each of your endpoint computers:
Ensure that all hard disks to be encrypted are connected to the motherboard (internal) or computer (external), are fully formatted and have a drive letter assigned.
Make a full backup of your data.
Use CHKDSK to check all the hard disks to be encrypted for errors using the following command:
chkdsk %systemdrive% /F /V /L /X
or, from My Computer, right-click the hard disk you want to check, select Properties and then, on the Tools tab, select Error Checking.
When chkdsk finishes, it will ask for a reboot. Once you've logged back into the computer, open the Application log in the Windows Event Viewer and look for an event with the Source "winlogon" and an ID of '1001'.
If the event log has any errors listed, run chkdsk again (with cleanup and repair options/switches selected) to verify whether the errors could be removed. If the errors could not be removed, refer to the Microsoft article listed below.
For more information, consult the Microsoft Technet knowledgebase.
Once these procedures have been performed on the computer, it is ready for SDE installation. To avoid errors and installation roll back, do not attempt to change the hard disk configuration or the file system and do not connect/disconnect removable media until the encryption process is complete.
Once installation has completed, the system will require a reboot. It will require another reboot after the encryption process has been completed. The next time you reboot the system, the PBA will be displayed.
If you encounter errors during installation, please see Sophos SafeGuard Disk Encryption (SDE): error codes and their meanings.