|Encrypt data / Initial encryption|
On network shares initial encryption cannot be automatically triggered by means of a policy setting. As a security officer you can run initial encryption for network shares from a computer that has the SafeGuard Enterprise endpoint software installed and has access to these shares using the SGFileEncWizard.exe command line tool.
On a computer with SafeGuard Enterprise you can find the tool in <SYSTEM>:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\
You can call SGFileEncWizard.exe with the following parameters:
SGFileEncWizard.exe [<startpath>] [%POLICY] [/V0 | /V1 | /V2 | /V3] [/X] [/L<logfile>]
For initial encryption on network shares, you must explicitly specify every network share to be encrypted. Only these paths will be processed. Specify the paths in UNC notation to avoid issues with different drive letters for mapped network shares. Only absolute paths are allowed.
Parameter /V0: Do not report any messages.
Parameter /V1: Log errors only.
Parameter /V2: Log modified files.
Parameter /V3: Log all processed files.
Parameter /L<path+logfile name>: Write the output to the specified log file.
Parameter /X: Hide the wizard's window.
SGFileEncWizard.exe \\my-filer-1\data1\users \\my-filer-1\data2 %POLICY /V3 /X /LC:\Logging\mylogfile.xml
Initial encryption is performed for files in \\my-filer-1\data1\users and \\my-filer-1\data2. The wizard will not be displayed and information on all processed files is written to mylogfile.xml.