Sophos SafeGuard File Encryption for Mac Administrator help

Sophos Safeguard File Encryption For Mac Administrator Help-Free PDF

  • Date:19 Nov 2020
  • Views:1
  • Downloads:0
  • Pages:27
  • Size:200.09 KB

Share Pdf : Sophos Safeguard File Encryption For Mac Administrator Help

Download and Preview : Sophos Safeguard File Encryption For Mac Administrator Help


Report CopyRight/DMCA Form For : Sophos Safeguard File Encryption For Mac Administrator Help


Transcription:

1 About Sophos SafeGuard File Encryption for Mac 3. 1 1 About this document 3,1 2 Terms and acronyms 3. 2 Installation 5,2 1 Installation prerequisites 5,2 2 Manual attended installation 6. 2 3 Automated unattended installation via remote management software 7. 3 Recommendations and limitations 8,3 1 Recommendations 8. 3 2 Limitations 8,4 Configuration 11, 4 1 Centrally administered configuration options 11. 4 2 Locally administered configuration options 11,5 Working with File Encryption for Mac 13.
5 1 How does encryption work 13,5 2 Initial encryption 13. 5 3 Password handling 14,5 4 Fast user switching 14. 5 5 Preference pane 14, 5 6 Sophos SafeGuard File Encryption system menu 18. 5 7 Command line options 19,5 8 Working with removable devices 22. 6 Troubleshooting 23,6 1 Forgotten Mac OS X login password 23.
6 2 Problems when trying to access data 23,6 3 SafeGuard recovered files 24. 7 Uninstallation from client 25,8 Technical support 26. 9 Legal notices 27,Administrator help,1 About Sophos SafeGuard File Encryption. Sophos SafeGuard File Encryption for Mac extends the data protection offered by Sophos. SafeGuard Enterprise from Windows to the Mac world It offers file based encryption on local. drives network shares removable drives and in the cloud. With SafeGuard File Encryption for Mac you can safely encrypt and decrypt files and exchange. these files with other users on Macs or Windows PCs. To read files encrypted by SafeGuard Enterprise on mobile devices use Sophos Mobile Encryption. for iOS or Android, In the SafeGuard Management Center you define rules for file based encryption in File Encryption. policies In these File Encryption policies you specify the folders that are to be handled by File. Encryption the encryption mode and the key to be used for encryption This central management. guarantees that identical folders and encryption keys are processed on different platforms. 1 1 About this document, This document describes how to install configure and manage Sophos SafeGuard File Encryption.
For detailed information on SafeGuard Management Center operation and policy settings refer. to the SafeGuard Enterprise Administrator help, For user relevant information refer to the Quick Startup Guide for Sophos SafeGuard File. Encryption for Mac,1 2 Terms and acronyms, The following terms and acronyms are used in this document. Term or acronym Meaning or explanation,FUSE Filesystem in user space see. http osxfuse github io, GUID Globally Unique Identifier a unique reference number. used as an identifier in computer software,Secured Folder.
A Secured Folder is a folder for which a rule was,created in the SafeGuard Management Center The. Sophos SafeGuard File Encryption for Mac,Term or acronym Meaning or explanation. rule specifies that the contents of the folder will be. SSL Secure Sockets Layer a cryptographic protocol that. provides communication security over the internet,Administrator help. 2 Installation, The following chapter describes the installation of Sophos SafeGuard File Encryption on Mac OS. X clients For a description of how to install the administration environment backend refer to. the SafeGuard Enterprise Installation Guide, Two Mac OS X client installation types are possible.
manual attended installation,automated unattended installation. Note If you have installed SafeGuard Disk Encryption 6 01 or earlier you have to uninstall it. before you can install SafeGuard File Encryption for Mac version 7. If you want to use SafeGuard File Encryption and SafeGuard Native Device Encryption called. SafeGuard Disk Encryption up to version 6 10 both need to be version 7 Using different versions. of these products on one Mac is not supported, The installer package is signed and OS X will try to validate this signature If there is a slow. internet connection or a misconfiguration you may have a delay of up to 20 minutes during the. installation procedure,2 1 Installation prerequisites. Before starting the installation make sure the SafeGuard Enterprise SSL server certificate has. been imported into the system keychain and is set to Always Trust for SSL. Note It must not be stored in the login keychain, 1 Ask your SafeGuard Server Administrator to provide you with the certificate for SSL file. certificate name cer, 2 Import the certificate name cer file into your keychain To do so go to Applications Utilities.
and double click the Keychain Access app,3 In the left pane select System. 4 Open a Finder window and select the certificate name cer file from above. 5 Drag the certificate file and drop it into the System Keychain Access window. 6 You will be prompted to enter your Mac OS X password. 7 After entering the password click Modify Keychain to confirm your action. 8 Then double click the certificate name cer file Click on the arrow next to Trust to display. the trust settings, 9 For Secure Sockets Layer SSL select the option Always Trust. 10 Close the dialog You will be prompted again to enter your Mac OS X password. 11 Enter the password and confirm by clicking Update Settings A blue plus symbol in the lower. right corner of the certificate icon indicates that this certificate is marked as trusted for all users. Sophos SafeGuard File Encryption for Mac, 12 Open a web browser and check that your SafeGuard Enterprise Server is available using. https servername SGNSRV,Now you can start the installation. Certificate import can also be done by running the command sudo usr bin security. add trusted cert d k Library Keychains System keychain r trustAsRoot. p ssl folder certificate name cer This can also be used for automated. deployment via script Change folder and certificate names according to your settings. If you want to bypass the process described above you can run the command sudo sgfsadmin. disable server verify see also Command line options page 19 We do not recommend. this option as it may create a security vulnerability. 2 2 Manual attended installation, A manual or attended installation allows you to control and test the installation while proceeding.
step by step It is performed on a single Mac, Make sure FUSE for OS X OSXFUSE version 2 7 0 or later is installed For more information. about FUSE for OS X and download options go to http osxfuse github io. Make sure the server connection has been properly set up as described in Installation prerequisites. 1 Open Sophos SafeGuard FE dmg, 2 After reading through the readme file offered double click Sophos SafeGuard FE pkg and. follow the installation wizard You will be prompted for your password to allow the installation. of new software The product will be installed to the folder Library Sophos SafeGuard FS. 3 Click Close to complete the installation, 4 Open the System Preferences and click the Sophos Encryption icon to show the product. 5 Click the Server tab, 6 If server and certificate details are shown skip the next steps and go to Step 11 and click. Synchronize If no information is shown continue with the next step. 7 Select the configuration zip file For a description of how to create a configuration package for. Mac endpoints see SafeGuard Enterprise Administrator Help Working with configuration. packages Create configuration package for Macs, 8 Drag the zip file to the Server dialog and drop it into the drop zone.
9 You will be prompted to enter a Mac administrator password Enter the password and click. OK to confirm, 10 Enter your Mac password to request your SafeGuard user certificate. Administrator help, 11 Check the connection to the SafeGuard Enterprise server Company certificate details are. shown in the lower part of the Server dialog Then click Synchronize A successful connection. will result in an updated Last Contacted time stamp Tab Server Server Info area Last. Contacted An unsuccessful connection will display the following icon. Refer to the system log file for further information. Refer to Server tab page 15 for more information on synchronization and server connection. 2 3 Automated unattended installation via remote,management software. An automated unattended installation does not require any user interaction during the installation. This section describes the basic steps for an automated unattended installation of SafeGuard. File Encryption for Mac Depending on the management solution you are using the actual steps. may vary Use your installed management software,Install the packages in the correct order. To install SafeGuard File Encryption for Mac on client computers perform the following steps. 1 Download the installer file Sophos SafeGuardFS pkg. 2 Copy the file to the target machines, 3 Install the file on the target machines If you use Apple Remote Desktop steps 2 and 3 are.
one single step, 4 Select the configuration zip file see SafeGuard Enterprise Administrator Help Working with. configuration packages Create configuration package for Macs for a description of how to. create a configuration package for Macs and copy it to the target machines. 5 Run the following command on the target machines. usr bin sgfsadmin import config full path to file zip. Change full path to file according to your settings This command needs to be run with. administrator privileges If you are using Apple Remote Desktop then enter root in the field. user name to specify which user issues the above stated command. 6 You can add additional steps to your workflow based on your specific settings e g shutting. down the target machines,Sophos SafeGuard File Encryption for Mac. 3 Recommendations and limitations,3 1 Recommendations. Reduce administration effort, Keep the number of mount points or Secured Folders as low as possible. Deactivate the option Require confirmation before creating a mobile account. If you create or use mobile accounts for Mac endpoints make sure the option Require. confirmation before creating a mobile account is deactivated With the option activated. the user could select Don t Create This would result in the creation of an incomplete OS X. user for example a user that does not have a local home directory. To deactivate the option perform the following steps. 1 Open the System Preferences and click on Users Groups. 2 Click the lock icon then enter your password,3 Select the User.
4 Click Login Options,5 Go to Network Account Server and click Edit. 6 Select the Active Directory Domain,7 Click Open Directory Utility. 8 Click the lock icon then enter your password and click Modify Configuration. 9 Select Active Directory and click the edit icon, 10 Click the arrow left beside Show Advanced Options. 11 Select Create mobile account at login and deselect the option Require confirmation. before creating a mobile account,12 Confirm with Ok. 3 2 Limitations, Maximum number of Secured Folders mount points on a client.
On each Mac OS X client you can have a maximum of 24 Secured Folders mount points If. more than one user is logged in on a single machine you need to add up the mount points. from all logged in users If you use other products on your Mac which are also using FUSE. for OS X you must consider these mount points too within the overall maximum number of. Permanent version storage is not available in Secured Folders. When opening a file which has been modified before from a Secured Folder the standard. functionality Browse All Versions is not available. Excluded folders,Administrator help, The following folders are excluded from encryption. Folders are excluded but not their subfolders,Root Volumes. User Profile,Folders as well as their subfolders are excluded. Root private,Root Applications,Root System,Root Library. User Profile Library,Removables SGPortable,Removables System Volume Information.
This means that for example an encryption rule for the root of an additional partition. Root Volumes has no effect although it will be shown as received policy. An encryption rule on Root abc will have an effect while an encryption rule on. Root private abc will not,Searching for files,Spotlight search. The Spotlight search does not work in encrypted files therefore it will not return any matches. when searching in Secured Folders,Labelled files, Searching for labelled files does not work in Secured Folders. Burning CDs,It is not possible to burn an encrypted CD. Sharing Secured Folders, A secured folder cannot be shared over the network For example if there is a rule on. Documents this folder can no longer be shared,Sophos SafeGuard File Encryption for Mac.
Deleting files, When deleting files from a Secured Folder mount point a message prompts you to confirm. the delete process Deleted files are not moved to the Trash folder and thus cannot be restored. SafeGuard Portable,SafeGuard Portable is not available for Mac OS X. Use of Time Machine, If you use Time Machine with an encrypted folder no old versions are displayed However. provided that you have enabled Time Machine the backups are there they are just hidden. Proceed as follows, Open Time Machine for example by typing Time Machine in the Spotlight search The. contents of your root folder will be displayed, Press Shift Command G for Go to the folder and enter the hidden path of the.
encrypted folder you want to restore Example If the encrypted folder you usually work. 5 4 Fast user switching 14 5 5 Preference pane 14 5 6 Sophos SafeGuard File Encryption system menu 18 5 7 Command line options 19 5 8 Working with removable devices 22 6 Troubleshooting 23 6 1 Forgotten Mac OS X login password 23 6 2 Problems when trying to access data 23 6 3 SafeGuard recovered files 24 7 Uninstallation from client 25 8 Technical

Related Books