This article explains how to use SGNRollback.exe to repair a failed SafeGuard Enterprise installation.
Apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption
What To Do
The SGNRollback tool (which is available in the "tools" folder of the product delivery) can be started from a recovery system, either WindowsPE 2.0 or BartPE, to repair a broken installation. The process is mostly automated.
-drv WinDrive drive letter with SafeGuard Enterprise installation to be repaired
This parameter can only be used in recovery mode and has to be used on multi-boot environments where it is not possible for the tool to find the correct drive itself.
The SGNRollback tool can only repair an unsuccessful endpoint installation if the following pre-conditions are true:
- Power on authentication (POA) freeze during first boot
- Hard drive is not encrypted (a migration scenario from SGE to SGN is not supported)
After starting the SGNRollback tool from the recovery system the first step is:
- Prepare the operating system from a recovery system: The system has to be prepared so that after a reboot into the operating system's Safe Mode, SafeGuard Enterprise can be uninstalled.
After the first step is finished the user is asked to remove the recovery device. After this the machine will be rebooted into the Safe Mode of the operating system:
- Uninstallation and cleanup in operating system safe mode: After a reboot in the operating system Safe Mode we clean the system so that no settings from our recovery tool are left, and initiate an uninstallation of SafeGuard Enterprise by starting the msi files.
The SGNRollback tool is deployed as a single executable without installation.
The end user is responsible for integrating the SGNRollback tool into the recovery system (WindowsPE or BartPE). It can be started manually in the recovery system or added to the autostart of the recovery system.