• Contacts
  • Contact Details
  • Contact Us
  • Home
• Mobile Computing
  • Lap-Top Security
  • PDA Security
  • Enterprise Mobile Solutions
  • Mobile Solutions for Public Sector
• Solutions for email
  • Email Archiving
  • Webroot E-mail Filtering Service
  • E-mail Firewalls Anti-SPAM
  • Anti-Virus
• The NHS
  • Agenda For Change
  • A4C Seminar Program
• Security Solutions
  • Remote Access SSL VPN
  • Password & Identity Management
  • Internet Firewall
  • Secure DNS Server
  • Document Collaboration
  • Web Content Management
  • E-commerce
  • Alumni Membership
  • Network File Encryption
  • USB Memory Drives
  • Smart Cards & Single Signon
  • Aladdin eToken
  • URL Web Filter
  • Fault Tolerant IP
  • SSL Acceleration
  • Tape Backup
  • Network Storage
  • Wireless Networking
  • Domain Names
• Resources
  • Library
  • Product Data Sheets
  • Customer Projects
  • Articles & Links
  • Credit Card Systems
  • Nominet T&C's
  • Accessibility
• Site
  • Home
  • News
  • Events
  • Contact Details
  • Contact Us

SafeGuard Easy 4.30

Content

What is New

Update

General Information and Hints

Known Problems and Limitations

What is New

Version 4.30.0 of SafeGuard Easy has the following important new features:

Support for PBA-level authentication via fingerprint sensor with IBM/Lenovo PCs equipped with UPEK fingerprint sensors

Support for PBA-level authentication via RSA SID800 token

Support for PBA-level hibernation with encrypted operating system partition and S-ATA hard disks

Prepared for support of LANDesk software management integration

The SafeGuard SmartCard GINA is now installed by default.

The support for the new PBA-level authentication devices is provided by an additional ‘Add-on Setup Package’, which is contained in the product CD.

Please refer to the manual and online help for details on the new features and enhancements.

Update

It is possible to migrate from earlier versions of SafeGuard Easy (4.11 and newer) to version 4.30. To find out how to do so, please refer to the manual and the online help.

Please update the SafeGuard Easy server first before you update the client.

General Information and Hints

PC Card Drives (PCMCIA)

SafeGuard Easy does not support PCMCIA drives.

Using IDE & SCSI drives

SafeGuard Easy can not be installed on systems in which the boot partition is located on a SCSI drive. At boot, hard drive 0 is always a SCSI drive (through the BIOS configuration). After booting Windows changes the sequence of the hard drives and hard drive 0 then becomes the first IDE drive. SafeGuard Easy can not handle this (implicit) renumbering and the system will run into a BSOD with the STOP code 07B.

Using S-ATA & IDE drives

This configuration is supported by SafeGuard Easy as long as the first IDE drive remains hard drive 0.

Virtual drives

SafeGuard Easy does not support virtual drives.

Boot CD

The installation CD is bootable and boots the operating system FreeDOS. The booted floppy disk image contains all files to be used for a SafeGuard Easy emergency disk.

All files needed to create such an emergency CD can be found in the TOOLS folder on the installation CD.

Hibernation und Encryption

Hibernation does not work correctly if encryption or decryption of a hard disk or hard disk partition has not yet completed.

Lenovo ThinkVantage Rescue and Recovery

‘Rescue and Recovery’ (RnR) must be installed before SafeGuard Easy is installed. Otherwise you must run the WinPERepair.exe and MBRSync.exe utilities after installing Rescue and Recovery. If Windows has been started again after an RnR session was started on the service partition then do not uninstall SafeGuard Easy immediately. Instead do another reboot, otherwise the service partition will remain the active partition.

Lenovo ThinkVantage Fingerprint Sensor

If the ‘ThinkVantage Fingerprint Sensor’ (TFS) software is running and the user logs on to the computer and operating system using their fingerprint, SAL must not be installed and running.

Known Problems and Limitations

Shutdown with Running Decryption

It is not possible to perform a Windows shutdown while decryption is running (as part of the deinstallation process). If you turn off your computer for this reason during decryption, you may need to resume deinstallation by calling the SafeGuard Easy deinstallation routine one more time.

Update of Server

The update of the SGE server may fail under certain circumstances. In this case, please click the file ‘SGESRV.reg’ from the installation directory, and re-start the ‘SafeGuard Easy Server service’, or reboot the system.

Cancellation of Deinstallation

If deinstallation of SafeGuard Easy is cancelled via the ‘Cancel’ button, under rare circumstances (i.e., the add-on setup has been executed before), your system may become corrupt.

Dead keys

The user ID of a SafeGuard Easy user must not include one ` or one ´ without the other character in the pair. Otherwise it is not possible to perform a successful logon.

LS120 ZIP drive

Access to an encrypted LS120 medium fails. After encryption, these media may not be readable any longer.

SD Card Reader

The SafeGuard Easy Administration will hang sometimes when you try to set encryption for a removable device of type ‘SD card reader’.

TwinBoot

If you plan to use this feature, the two bootable operating systems must be installed before you install SafeGuard Easy.

SGE1509

The installation of SafeGuard Easy will fail with this error code, if SafeGuard Advanced Security is already installed on the target PC and the user does not have the right to access the floppy drive.

MessageID:64

This message is displayed very briefly in the status line when you start the Configuration File Wizard.

Token PIN

The PIN for a token must not contain a special character such as German accented characters (ö, ä , ü, etc.). If it contains a character of this kind, it is not possible to logon to a Windows application.

Windows 2000 Partitions

With Windows 2000, all bootable partitions are visible and accessible although the SGE boot manager is active.

Dynamic Disks

SafeGuard Easy must not be installed on dynamic disks. These are not supported.

Notebook and Docking Station

Certain docking stations include a second hard disk, so that in some cases this disk becomes disk 0 when the notebook is docked. By default (notebook undocked), the built-in disk is disk 0. This kind of configuration is not supported, and installation will fail on these systems.

Multi-user Operation under Windows XP

SafeGuard Easy will not install correctly when a second user is logged on under Windows XP.

Windows Encrypted File System (EFS)

You must not install SafeGuard Easy into a directory that is encrypted with EFS.

RAID Systems

SafeGuard Easy does not support RAID systems besides hardware RAID 0.

Partitions beyond 8GB

If a PC is not able to boot partitions beyond 8 GB, an installed SafeGuard Easy system will crash if the SafeGuard Easy kernel has been stored beyond this boundary (by installing it using a CFG file with the parameter SgeKernelInstDrive=x) and if, at the same time, the option "Do not change MBR" is set.

DCOM Error Messages

In the Windows event log you may find error messages concerning DCOM after installation of SafeGuard Easy. These messages are not important and will be corrected in an upcoming version of SafeGuard Easy.

NT Backup System State Restore

NT Backup system state restore currently does not work if SafeGuard Easy is installed.

Windows PE and External USB Hard Disks

If an external USB hard disk drive is connected and Windows PE is started on an IBM Service Partition containing ‘Rescue and Recovery’, a BSOD occurs if. In most cases, Windows PE can be booted subsequently without any problems. After booting regular Windows and subsequently Windows PE, the same error does reoccur.

Aladdin eToken

An Aladdin eToken is not detected within the PBA on certain notebooks of the IBM/Lenovo T series (e.g. T43) if the token has not already been plugged in at power-on time.

Toshiba Tecra S1 and Compaq Setup Partition

If SafeGuard Easy has been installed on a Toshiba Tecra S1 with the setting ‘Support for Compaq Setup Partition’, the operating system can not be booted anymore.

Token Support and USB Hard Disks

On some machines, the operating system does not boot if SafeGuard Easy has been installed with the setting ‘Token Logon’ and a USB hard disk is connected to the machine.

Hard Disks Greater than 8 GB and Compaq Setup Partition

If  SafeGuard Easy has been installed with the setting ‘Support for Compaq Setup Partition’ and the SafeGuard Easy kernel was stored on a position on the disk beyond 8 GB, the operation system does not boot anymore after encryption has been applied.

Update

The update/upgrade process stops and fails, if the update/upgrade configuration file is located in the

SafeGuard Easy installation directory.

Compaq Setup Partition

Do not activate ‘Support for Compaq Setup Partition’ (only possible when generating a configuration file for re-installation of SafeGuard Easy), since this will cause the error message "Operating system missing". This switch is only necessary for certain older PC models from Compaq.

List of Forbidden Passwords

The list of passwords that can be imported, must not be in UNICODE format. This may cause unexpected program behavior and crashes in SGEADM.

Empty Directory

When SafeGuard Easy is installed, an empty folder called C:\APPLICATIONS is created.

Warning Message ‘Configuration Manager’

If you look at SafeGuard Easy Control's properties in the Windows 2000 or XP Services Manager, the system displays the error message "Configuration Manager: The device access number entered corresponds to no device present." This message has no effect on the operating system or applications and can be ignored.

Rights Transfer with User Switch

With SafeGuard Easy, the attempt to assign user rights from one SGE user to another fails, if a Windows user switch is performed, during which the new Windows user logs on with a smartcard and if the SafeGuard Easy user credentials (name & password) are stored on this smartcard.

TPM Machine Binding on IBM/Lenovo PCs

SafeGuard Easy TPM Machine Binding does not work with IBM/Lenovo ‘Client Security Solution’ (CSS) version 6.00. Please install CSS version 6.01 or greater.

Deinstallation with Microsoft ‘OneNote 2003’ Installed

If the Microsoft program ‘OneNote 2003’ is installed and active, deinstallation of SGE may fail. If, however, the ‘OneNote’ process is removed via Task Manager, SGE can be deinstalled. The activity of ‘OneNote’ as process cannot necessarily be concluded from the Taskbar entries. Once ‘OneNote’ is no longer active (i.e. removed from the Autostart folder), SGE can be deinstalled regularly.

Oberursel, 22.09.2006

USB Memory Stick

Manage & control the use of USB Flash Memory Drives and other Plug and Play devices

Single Signon

Manage user's password access to multiple applications with single sign on module.

Application Rights

Manage user's use of multiple applications with Application Specific Access Rights module.

File and Folder encryption

Multi-User rule based cross platform file and folder encryption that's easier to manage than Microsoft's EFS.

Removable Device Encryption

Private Disk virtual disk encryption for enterprise scale removable media data security.

Removeable Media Management

Control and manage the use of CD-ROMs and other removable media with SafeGuard Advanced Security removable media management module.