Challenge/Response for Sophos SafeGuard Clients (standalone)

SafeGuard Enterprise also provides Challenge/Response for unmanaged endpoints (Sophos SafeGuard Clients standalone) when the user has forgotten the password or has entered it incorrectly too often. Unmanaged endpoints never have any connection to the SafeGuard Enterprise Server, not even temporarily. They operate in standalone mode.

In this case, the recovery information needed for a Challenge/Response is based on the key recovery file. On each unmanaged endpoint, this key recovery file is generated during deployment of the SafeGuard Enterprise encryption software. The key recovery file must be accessible to the SafeGuard Enterprise helpdesk, for example on a shared network path.

To make the recovery files easier to search and group, each file name includes the name of the computer: computername.GUID.xml. This allows wildcard searches with asterisks (*), for example: *.GUID.xml.
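
The naming convention above lends itself to a small helpdesk index. The following is an added example, not Sophos code: it parses computername.GUID.xml names from a directory listing, groups them by computer name, and reports whether a lookup is unique, ambiguous (several GUIDs for one name) or missing. It assumes the GUID part is a standard 8-4-4-4-12 hexadecimal GUID, optionally in braces; the share path and file names are constructed samples.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: GUID is 8-4-4-4-12 hex, optionally wrapped in braces.
_GUID = r"\{?[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?"
# Anchoring on the GUID and extension keeps dots inside the computer name.
_NAME_RE = re.compile(rf"^(?P<computer>.+)\.(?P<guid>{_GUID})\.xml$", re.IGNORECASE)

# Constructed sample listing of a hypothetical helpdesk share.
SAMPLE_LISTING = [
    r"\\fileserver\sgn-recovery\PC-ACCT-01.3f2504e0-4f89-11d3-9a0c-0305e82c3301.xml",
    r"\\fileserver\sgn-recovery\pc-acct-02.{9b2d1c77-5a10-4e7e-8c55-1f0e6a7d2b90}.xml",
    r"\\fileserver\sgn-recovery\PC-ACCT-02.0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d.xml",
    r"\\fileserver\sgn-recovery\lab.node.7.6fa459ea-ee8a-3ca4-894e-db77e160355e.xml",
    r"\\fileserver\sgn-recovery\notes.txt",
]

def parse_recovery_name(path):
    """Split 'computername.GUID.xml' into (COMPUTER, guid), or return None."""
    match = _NAME_RE.match(PureWindowsPath(path).name)
    if match is None:
        return None
    # Windows computer names are case-insensitive, so normalise for lookup.
    return match.group("computer").upper(), match.group("guid").strip("{}").lower()

def index_recovery_files(paths):
    """Group recovery files by computer name; return (index, skipped_paths)."""
    index, skipped = defaultdict(list), []
    for path in paths:
        parsed = parse_recovery_name(path)
        if parsed is None:
            skipped.append(path)  # not a recovery file name; leave for review
            continue
        computer, guid = parsed
        index[computer].append((guid, path))
    return dict(index), skipped

def lookup(index, computer_name):
    """Return ('missing' | 'unique' | 'ambiguous', matches) for a computer name."""
    matches = index.get(computer_name.upper(), [])
    if not matches:
        return "missing", []
    distinct_guids = {guid for guid, _ in matches}
    return ("unique" if len(distinct_guids) == 1 else "ambiguous"), matches

if __name__ == "__main__":
    idx, skipped = index_recovery_files(SAMPLE_LISTING)
    for name in ("pc-acct-01", "PC-ACCT-02", "PC-GONE"):
        print(name, *lookup(idx, name))
```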

Note: When a computer is renamed, it will not be renamed accordingly in the computer's local cache. The local cache stores all keys, policies, user certificates and audit files. The new computer name therefore has to be removed from the local cache so that only the previous name will remain, even if a computer is renamed under Windows.