Displaying the system status with SGNState

 WinClient

SafeGuard Enterprise offers the command-line tool SGNState for displaying information about the current status (encryption status and further detailed status information) of the SafeGuard Enterprise installation on an endpoint.

Reporting

SGNState can also be used as follows:

  • The SGNState return code can be evaluated on the server using third-party management tools.

  • SGNState /LD returns output that is formatted for LANDesk which can be saved to a file.

Parameters

You can call SGNState with the following parameters:

SGNState [/?] [/H/Type|Status] [/L] [/LD] [/USERLIST]

  • Parameter /? returns help information about the available SGNState command-line parameters.

  • Parameter /H Type returns additional help information about drive types.

  • Parameter /H Status returns additional help information about drive status.

  • Parameter /L shows the following information:

    Operating system

    Product version

    Encryption type [SGN | Opal | BitLocker | BitLocker-C/R | unknown or earlier version of SGN]

    Power On Authentication [yes | no | n/a]

    WOL (Wake on LAN status) [yes | no | n/a]

    Server name

    Second Server name

    Logon mode [SGN, no automatic logon | UID/PW | TOKEN/PIN | FINGERPRINT | BL (BitLocker)]

    Client activation state [ENTERPRISE | OFFLINE]

    Last data replication [date, time]

    Enforced cert-based token logon in POA [yes | no | n/a]

    FIPS mode enabled [yes | no ]

    User certificate type [0 | 1 | 2 | 3|n/a|?]

    Return code [return code]

    File encryption driver versions [driver versions]

    Volume info:

    Name Type Status Encryption method
    <name> [HD-Part | ...] [encrypted | not encrypted | ...] [<algorithm name> | n/a | ...]
    FLOPPY not accessible
    REMOV.PART stopped because of a failure
    REM_PART encryption starting
    HD-PART encryption in progress
    UNKNOWN decryption starting
    decryption in progress
    not prepared
  • Parameter /LD returns this information formatted for LANDesk.

    The output is similar to the output of /L, but each line begins with “Sophos SafeGuard”:

    Example:

    Sophos SafeGuard - Operating system = Windows 10 Enterprise

    Sophos SafeGuard - Product version = 8.20.0.64

    Sophos SafeGuard - Encryption type = BitLocker

    ...

  • If you call SGNState with parameter /USERLIST, additionally a list of all users in the UMA and the types of certificates assigned to them is displayed,

    Certificate type:

    0 no certificate is assigned to the user
    1 P7 certificate (for example Token logon with P12 on SmartCard)
    2 P12 certificate
    3

    P7+P12 certificate (normal SGN user)
    n/a the certificate type cannot be determined
    ? unknown certificate combination
  • Return code
    0 no volume has been encrypted
    1 at least one volume is encrypted
    -1 an error has occurred (for example, no SafeGuard Enterprise device encryption is installed)