Functionality "simplified remote logon"

  • Article ID: 109255
  • Updated: 18 Jun 2009


Product
Sophos SafeGuard Disk Encryption 4.60

Client OS

Windows 2000 Professional SP4, Windows XP SP3

Server OS

None

Question

The generated Response Code is not accepted during PBA. There has not been an error typing it in. How exactly does simplified remote logon work?

Answer

There should be at least three Sophos SafeGuard Disk Encryption users on the computer on which this function is to be used. If you are only using the SYSTEM and USER standard users there is no point using this function. It is also not possible for a user with the "simplified remote logon" right to first generate a challenge for themselves during PBA and then generate a response code on the second computer.

In a normal situation only the "simplified remote logon" function should be activated for that user.

Purpose: Let's suppose that a company has outsourced its IT support to a service provider. The password for the SYSTEM user remains under lock and key. The service provider's helpdesk only gets the Sophos SafeGuard Disk Encryption user's user ID and password with "simplified remote logon". This guarantees that the sensitive SYSTEM password is not issued to an external company and that the service provider can still help the end users when required.

A Sophos SafeGuard Disk Encryption user for whom the "simplified remote logon" option is active must also have at least the "Change user settings" right. If there are other Sophos SafeGuard Disk Encryption users (apart from SYSTEM) who have other rights, the user who has the "simplified remote logon" option must at least (!) have the same rights.

Example:
The end user has the right to switch diskette encryption on and off and has forgotten their SDE password. However the Sophos SafeGuard Disk Encryption user for the Helpdesk only has the right to change user settings. If the Helpdesk now resets the user's password or wants to make a one-time login possible the response code generated for them is rejected!

Reason: Although the Helpdesk Account has the right to reset the password they do not have the right to switch diskette encryption on and off.

Please note: As of version Sophos SafeGuard Disk Encryption 4.60 this feature is now called "Issue abbreviated C/R code"


keywords: sde

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments