This article describes the purpose and use of kernel backup. It also discusses the use of backups of the Sophos SafeGuard Disk Encryption kernel.
Known to apply to the following Sophos product(s) and version(s)
Sophos SafeGuard Disk Encryption
Windows 2000 Professional SP4, Windows XP SP3
- Version 4.x
After Sophos SafeGuard Disk Encryption is installed using the default settings, the Sophos SafeGuard Disk Encryption Kernel Backup Wizard is normally launched next. Although some users consider this wizard something of a nuisance, we strongly recommend backing up the Sophos SafeGuard Disk Encryption kernel for each machine individually and on a regular basis.
- Version 5.x and above
After installation, make sure that endpoint computers are restarted twice to activate Power-on Authentication. They must be restarted for a third time to perform a backup of the kernel data on every Windows boot. To complete the kernel backup successfully, make sure that endpoints are not suspended or hibernated before the third restart.
The purpose and use of kernel backup
Consider a scenario in which the SYSTEM password has become known by a certain user. This user now changes the SYSTEM password on his machine. The new password will not be known by the IT administrator. A couple of weeks later, the user of this laptop returns from vacation and cannot remember either his own password or that SYSTEM password (which he changed some weeks ago). As a result, the user can no longer authenticate to the PBA. Of course there is important data on the machine.
In this case, the IT administrator could use a Sophos SafeGuard Disk Encryption kernel backup from that machine, which was taken at a time before the SYSTEM password had been changed and which corresponds to the "official" SYSTEM password.
Another scenario where it is good to have a backup of the Sophos SafeGuard Disk Encryption kernel is when the hard disk is suffering from physical damage. Over time, the number of defective sectors increases. If, by chance, a physical defect occurs within the range of the Sophos SafeGuard Disk Encryption kernel, the user may no longer be able to log on to the PBA. Theoretically, the entire disk could now be copied to a new hard disk, but of course the defective sectors will not be copied, including those sectors which contain the Sophos SafeGuard Disk Encryption kernel.
The only way to access data on the new hard drive would be to restore the corresponding Sophos SafeGuard Disk Encryption kernel backup on the new hard drive.
109236 How to automate the Sophos SafeGuard Disk Encryption kernel backup?
109327 Data recovery in the event of a hard disk crash