When trying to save the Key Backup files of a SafeGuard Easy or SafeGuard Enterprise Standalone Client, the user has to enter credentials for the defined network share.
Applies to the following products
SafeGuard Easy 5.x and above
SafeGuard Enterprise Standalone Client 5.50 and above
The network share wasn't configured with the correct access permissions.
What To Do
- Create a network share SafeGuardRecoveryKeys$ (or similar name) with this permission:
- Create a group SafeGuardRecoveryKeyAccess (or similar name) to add the users who will perform the Security Officer duties (e.g. Challenge/Response).
- Set the following NTFS permissions on the specified directory:
- Everyone: Create files - The Sophos SafeGuard computer running in the context of the logged in users is allowed to add files, but cannot browse the directory, delete or read files. (Note: The "Create Files" permission is available in the Advanced Security Settings of a directory.)
- SafeGuardRecoveryKeyAccess: Modify - All users displayed in the Permissions dialog are allowed to read, delete and add files.
- Administrators: Full Control
- Remove the permission inheritance on the directory to ensure that the above permissions are not accidentally overwritten.
The resulting permissions are the intersection between NTFS permissions and share permissions.
As the NTFS permissions are more restrictive, they eventually overrule weaker permissions.