This article describes how to set up and apply a file encryption policy to a Mac OS X client using SafeGuard File Encryption for Mac.
Applies to the following Sophos product(s) and version(s)
Sophos SafeGuard File Encryption for Mac 6.10
Mac OS X 10.7.x, Mac OS X 10.8.x, Mac OS X 10.9.x
What To Do
There are 3 stages to the procedure required to create and apply a policy which will encrypt a local folder "Documents/Protected"stages on a Mac client.
- Use the SafeGuard Enterprise (SGN) Management Center (MC) to create the File Encryption policy.
- Assign the new policy "File Encryption for Mac" to the members of the domain/workgroup.
- Run the synchronization on the Mac OS X client and check the policies.
1. Use the SafeGuard Enterprise (SGN) Management Center (MC) to create the File Encryption policy
- Open the SGN MC and select the "Policies" tab.
- Create a new SGN File Encryption Policy "File Encryption for Mac".
- At the path table add the pre-defined entry <Documents>.
- Add the folder name Protected at the end (Example: <Documents>\Protected).
- Use the default option for Scope and Mode, which will encrypt all files including all subfolders.
- At the Key tab select a personal key (only the user will able to read the encrypted data).
2. Assign the new policy "File Encryption for Mac" to the members of the domain/workgroup
- Setup the Mac client as described in the Best Practice Guide for SafeGuard Enterprise 6.10.
- Select the domain or workgroup at the "Users and Computers" tab and open the "Policies" tab at the center window.
- Search for the "File Encryption for Mac" policy within the right window from the "Available Policies" tab and drag and drop from the right window to the center.
- Save the change using the save button or pressing Ctrl+S.
3. Run the synchronization on the Mac OS X client and check the policies
- At your Mac login with an Mac OS X user account.
- Open the Mac OS X "System Preferences" and choose "Sophos Encryption".
- Select the "Server" tab.
- Run the "Synchronization" once and wait a few seconds.
- Change to the "Users" tab; you should see the certificate information for the user.
- Change to the policies tab; select the "Received policies view" icon below the list of policies. You should see the new policy for "Documents/Protected".
- Select "Translated Policies View", the icon next to above one. You will not see the new "Documents/Protected" policy until the folder "Protected" is created.
- Open the finder and select the Documents folder.
- Create a new folder with the name "Protected".
- After that, you should get a new mount point "Protected_SECURED" folder at you desktop. You might need to activate "Connected servers" in your Finder Preferences.