Skip to main content

Sophos Safeguard Enterprise Server

Connector name

agtsge

Connector type

Executable

Type (UI field value)

Sophos Safeguard Enterprise Server

Target system versions supported / tested

Bravura Security Fabric lists users and provides a method to obtain a challenge response for Sophos Safeguard Enterprise Server clients using the agtsge connector. On boot, Sophos Safeguard prompts for a password for the user using Power-on authentication. For systems with BitLocker enabled, a password is required to unlock the hard drive. This connector provides a means to retrieve the recovery code when a login recovery is needed.

Connector status / support

Bravura Security-Verified

This connector has been tested and is fully supported by Bravura Security.

Installation / setup

No client software is required; however the Bravura Security Fabric proxy server must be installed on the Sophos Safeguard server if the Bravura Security Fabric server is not on the same system as the Safeguard server.

The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):

  • user change password

  • administrator reset password

  • get server information

  • challenge response authentication

  • List:

    • accounts

Preparation

Before you can target Sophos Safeguard server, you must:

  1. Enable scripting on the Safeguard server. To do this, go to the Safeguard Management server, select Tools > Configuration Package Tool.. . and check Scripting allowed for the server.

  2. Import an Active Directory domain into the Safeguard server. This is required in order to auto-associate Safeguard users to the corresponding Active Directory account.

  3. Target the Active Directory domain as a source of profile IDs. See Active Directory for more information.

  4. Configure and manage at least one Safeguard client.

Installing client software

No client software is required; however the Bravura Security Fabric proxy server must be installed on the Sophos Safeguard server. This is not required if the Bravura Security Fabric server is on the same system as the Safeguard server.

Targeting Sophos Safeguard Server

For each Sophos Safeguard server, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):

  • Type is Sophos Safeguard Enterprise Server

  • Address is a placeholder value, which is not used by the agent.

  • List of proxies to run connectors on is the proxy server that the Safeguard server resides on.

  • Automatically attach accounts is checked.

  • The administrator ID and password are the credentials of the Security Officer on the Safeguard server.

Troubleshooting

  • After performing a password reset, be sure to synchronize the Safeguard client in order for the reset to take effect.

  • Ensure that scripting is enabled for the Safeguard server; otherwise you may get an insufficient rights error. See Preparation for more information.

  • When obtaining a recovery code, ensure that the challenge code contains no spaces.

  • If a recovery code fails to be retrieved, this could mean that the user has not logged in to the Safeguard client yet. The user would need to obtain the recovery code from the web help desk or system administrator.

See also

Self Service Anywhere: Encrypted systems accounts describes how to use challenge/response in order to unlock an encrypted system/account.

In this section: