Sophos SafeGuard Disk Encryption 4.60
Windows 2000 Professional SP4, Windows XP SP3
How to get access to a Sophos SafeGuard Disk Encryption secured system if the Windows password is unknown and the password needs to be changed using password sync?
We have two users:
1. Domain user named "domain" with password "test"
2. Sophos SafeGuard Disk Encryption user named "Sophos" with password "secure"
The customer now gets back from holiday and has forgotten his password.
To solve this situation the following steps need to be performed:
1.Create a new windows password for "domain" using the password reset function of Windows 2003 Server.
The new password now is "temp"
2. Create a challenge response code that allows the user to change the password of "Sophos" from "secure" to
After changing the password the boot process will continue. The Sophos SafeGuard Disk Encryption SAL tries to logon the user
"domain" into the windows domain using the old password "test". This fails and user is prompted to type in a new
windows password. Type in the new password for windows which was created in step 1 -> in this case "temp".
Now the Sophos SafeGuard Disk Encryption synchronisation process starts and the user is prompted for his Sophos SafeGuard Disk Encryption password. At this point the password that was created in step2 has to be entered -> this will be "encryption".
The next time the user boots up the system following credentials need to be entered at PBA level to log on:
User ID: Sophos
The system then will automatically pass trough to the users desktop.
The user does not have to change the password again after performing above mentioned solution!
The user can create a new (secure) password during the challenge response process.