Prepare for SafeGuard Full Disk Encryption with POA

 FDE

Before you deploy SafeGuard Enterprise, we recommend that you prepare as follows.

  • A user account must be set up and active on the endpoints.
  • Make sure that you have Windows administrator rights.
  • Create a full backup of the data on the endpoint.
  • Drives to be encrypted must be completely formatted and have a drive letter assigned to them.

  • Sophos provides a hardware configuration file to minimize the risk of conflicts between the POA and your endpoint hardware. The file is contained in the encryption software package. We recommend that you install an updated version of this file before any significant deployment of SafeGuard Enterprise. For more information, see Sophos knowledge base article 65700.

    You can help us improve hardware compatibility by executing a tool that we provide to collect hardware relevant information only. The tool is very easy to use. The collected information is added to the hardware configuration file. For more information, see Sophos knowledge base article 110285.

  • Check the hard disk(s) for errors with this command: chkdsk %drive% /F /V /X

    After that, you need to reboot your system.

    Important Do not start the SafeGuard Enterprise installation without completing this reboot!
  • Use the Windows built-in defrag tool to locate and consolidate fragmented boot files, data files, and folders on local volumes.
  • Uninstall third party boot managers, such as PROnetworks Boot Pro and Boot-US.
  • If an imaging tool was used to install the operating system, we recommend you to "re-write" the master boot record (MBR).
  • If the boot partition on the endpoint has been converted from FAT to NTFS and the endpoint has not been restarted since, restart the endpoint once. Otherwise the installation might not be completed successfully.
  • For SafeGuard Enterprise clients (managed) only: Check whether there is a connection to the SafeGuard Enterprise Server. Select this web address in Internet Explorer on the endpoints: http://<ServerIPAddress>/sgnsrv. If the Trans page shows Check Connection, connection to SafeGuard Enterprise Server has been successfully established.

For further information, see Sophos knowledge base article 108088.