Prepare for installation of encryption software

As well as ensuring that computers meet the general system requirements, you must perform further steps before you can install software on them automatically.

To prepare computers for installation of encryption software:

  1. Make sure that drives encrypted with third-party encryption software have been decrypted and that the third-party encryption software is uninstalled.
  2. Create a full backup of the data.
  3. Check if a Windows user account with credentials is set up and active for the user on the endpoint computer.
  4. Make sure that the computer has already been protected with Sophos anti-virus software before you deploy full disk encryption.
  5. Uninstall third-party boot managers, such as PROnetworks Boot Pro and Boot-US.
  6. Check the hard disk(s) for errors with this command: chkdsk %drive% /F /V /X. You might be prompted to restart the computer and run chkdsk again.

    You can check the results (log file) in Windows Event Viewer:

    • Windows XP: Select Application, Winlogon.
    • Windows 7, Windows Vista: Select Windows Logs, Application, Wininit.
  7. Use the Windows built-in defrag tool to locate and consolidate fragmented boot files, data files, and folders on local drives: defrag %drive% .
  8. If you have used an imaging/cloning tool on the computer, clean the master boot record (MBR). Start the computer from a Windows DVD and use the command FIXMBR within the Windows Recovery Console. For further information, see: http://www.sophos.com/en-us/support/knowledgebase/108088.aspx.
  9. If the boot partition on the computer has been converted from FAT to NTFS, and the computer has not been restarted since then, restart the computer. If you do not do this, the installation may not complete successfully.
  10. Open Windows Firewall with Advanced Security, using the Administrative Tools item in Control Panel. Ensure that Inbound connections are allowed. Change the Inbound rules to enable the processes below:

    Remote Administration (NP-In) Domain

    Remote Administration (NP-In) Private

    Remote Administration (RPC) Domain

    Remote Administration (RPC) Private

    Remote Administration (RPC-EPMAP) Domain

    Remote Administration (RPC-EPMAP) Private

    When installation is complete, do one of the following:
    • If you do not want to install any further features on the endpoints and want to continue using Windows Firewall, you may disable the process again.
    • If you want to install any further features on the endpoints, leave the processes enabled until all features are installed.