What needs to be considered when deploying policies during installation, including possible side effects.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption
All supported operating systems
What To Do
Points for consideration:
- If an encryption policy is integrated in the package it is only possible to encrypt volumes with the defined machine key.
- If the encryption process starts/completes and the machine has not yet reached the server but becomes inaccessible for whatever reason it will not be possible to perform any kind of recovery for this machine (data loss!). This is a situation that would be most likely to affect offline Clients.
- If the Client can contact the server after the installation and receives a policy from the server the initial settings will be overridden. If there is no policy assigned yet in the SafeGuard Management Center, the client will receive an empty (default) policy. In any case this policy from the server (empty or not) will override the installation policy! The only exception is that the encryption settings which were made before will not be overwritten.