Sophos SafeGuard Disk Encryption (SDE): SDE does not work properly with third-party software that requires user logon

  • Article ID: 58672
  • Rating:
  • 3 customers rated this article 1.0 out of 6
  • Updated: 27 May 2009

You experience one of the following symptoms and you have recently installed, uninstalled, repaired or disabled SafeGuard Disk Encryption or software from another vendor:

  • you cannot log in to Windows
  • you cannot lock your computer
  • your screensaver is not appearing
  • you cannot access your network via VPN
  • your login script does not work
  • after installing SDE and rebooting, your PC freezes
  • after rebooting your computer, you get the blue screen of death
  • after entering your user credentials, the login screen returns. The second time you enter your credentials, you can log in successfully.

Sophos product and version number
Sophos SafeGuard Disk Encryption (SDE)

What to do

Like some other software programs, Sophos SafeGuard Disk Encryption uses a customised Graphical Identification and Authentication (GINA) component that requires user authentication. These GINAs change the order in which programs load so that they can perform various tasks before Windows loads. When two or more software programs change the order of the boot sequence, you may experience one of the problems described above.

In order to resolve this problem, you must create a GINA cascade. Ideally, the SDE GINA should load first, then the third-party GINA, then the Microsoft GINA.

Please note: you may need to contact the third-party software vendor in order to identify the correct registry key. If you cannot find this information, please contact Sophos technical support.

To set the SDE GINA to load first, you must edit the following Windows registry settings, after reading this warning about editing the registry:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Original Gina"="xxx.dll" (where xxx is the name of the third-party GINA)

Special steps for loading VPN software GINAs

In order to connect a computer to its network, VPN software must log on to its domain before the SDE GINA is loaded. In this case, you must set the VPN software's GINA to load before the SDE GINA. You must also reset one of the SDE DWord values.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"="xxx.dll" (where xxx is the name of the third-party GINA)


"Original Gina"="msgina.dll"

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent