README File for SafeGuard PrivateDisk 2.50.0
1. System Requirements
A desktop computer with Microsoft Windows XP (32-bit),
Windows Vista (32-bit, 64-bit) or Windows 7 (32-bit, 64-bit),
In each case the latest service pack.
2. Software Versions
SafeGuard PrivateDisk is available in three different versions:
- Demo Version: This is a fully functional Personal Edition for
evaluation purposes that works for 30 days without limitation.
After that, disks can only be mounted for read access until the
product is bought through the Sophos webshop. A splash screen
is shown, additionally, as long as the product has not been bought.
- Personal Edition: This is the basic version for single workstations.
- Enterprise Edition: This is for enterprise customers. It has the
following improvements over the Personal Edition:
+ Central administration through policies (administrative templates)
+ Improved certificate checking
- In Windows Vista and Windows 7, the formatting of new volumes
is time-consuming. The optimization is planned for the next release.
3. Version Information
SafeGuard PrivateDisk 2.50.0 contains the following improvements over
version 2.30.3:
- Reduced file operations in the background.
- "PDCMD.exe /new" corrected for background initialize.
- "PDCMD.exe /new" corrected. No more adding an administrator certificate
to the volume.
- Volume Files on removable media are marked as "hotplug" to disable
the write cache of the operating system.
- PDPortable performance for NTFS Volumes optimized.
- PDPortable problem on large NTFS Volumes on removable
media solved.
- PDPortable support for keyring implemented.
- Shell extension for 64 Bit operating systems corrected.
- New GPO attribute: maximum container size.
- New GPO attribute: container only allowed on specified directories.
- New branding for Sophos.
- New setup for Japanese.
SafeGuard PrivateDisk 2.30.3 contains the following improvements over
version 2.30.2:
- In some cases a damaged volume leads to an error while reading the header information.
- For users without administrator rights it was not possible to format a new volume file within the background initialization.
SafeGuard PrivateDisk 2.30.2 contains the following improvements over
version 2.30.1:
- The feature "simulate harddisk" was improved for Vista.
- For this version we recommend to uninstall the old software and reinstall the new version. Please do not perform an update installation.
- In this version we have the following limitation for Windows Vista: Volumes with the attribute "simulate fixed disk" can only be mounted by administrators, if they start the pdisk.exe with "run as administrator". For normal users the attribute "simulate fixed disk" is disabled.
SafeGuard PrivateDisk 2.30.1 contains the following improvements over
version 2.30:
- Error corrections.
SafeGuard PrivateDisk 2.30 contains the following improvements
over version 2.02.0:
- Support for 64 bit operating systems with a 64 bit driver. Tested with Windows XP, Vista and Server 2003.
- Increase in performance for initializing new drives.
- Interruption of initialization of new volumes is handled and continued at next restart.
- Support for Sophos keyring by SafeGuard Enterprise.
- Function to log off from master password.
- Recovery certificates are searched in HKLM and HKCU.
- Function to create a backup header via the context menu
- Support of NTFS volumes in portable reader. Compressed and encrypted drives from windows operating systems are not supported.
- Portable reader shows long filenames in FAT drives correct.
- Group Policies (GPO) are enhanced.
- Disabling of "Single Login" in the GPO.
- New GPO option "ForceUnmount".
- The portable reader will be copied to the volume file.
- In this version Portable Reader cannot open volume files which are protected with a keyring passphrase.
SafeGuard PrivateDisk 2.02.0 contains the following improvements
over version 2.01.0:
- The check box 'Add SafeGuard PrivateDisk Portable' in the 'New Disk
Wizard' is always enabled if PDPortable.exe can be found in the
application directory of SafeGuard PrivateDisk.
SafeGuard PrivateDisk 2.01.0 contains the following improvements
over version 2.00.1:
- New Disk Wizard contains a check box where you can select to
add the application PD Portable to the destination directory of the
newly created PrivateDisk volume in case it is located on removable media.
SafeGuard PrivateDisk 2.00.1 contains the following improvements
over version 1.11.1:
- Support of encryption algorithm AES-256.
To create disks compatible with versions before 2.00 you can still
use AES-128. To have the highest possible security level, create
a disk with AES-256.
- Support of more than one recovery certificate (Enterprise Edition only)
4. Installation
Administrative privileges are required to install the software.
Simply execute the SafeGuard PrivateDisk MSI package to install
the software.
It is possible to install the software on a network location. Note that
in this case some files might be left over in the installation directory
after uninstallation.
When installing the software with Active Directory (GPO), the
following issues should be considered:
- SafeGuard PrivateDisk can only be installed per computer
(Computer Configuration), not for single users (User Configuration).
- If a program package has a different language than the operating
system of the client machine, then the setting “Ignore language
when deploying this package” must be enabled for the package,
otherwise the software will not be installed automatically.
5. Notes
* Single Login Password
The single login password is not shared between the multiple
modules of SafeGuard PrivateDisk. If you mount some disks from
within the main application and some others using the tray icon or
the shell extension and you are using the single login feature, then
you will have to enter the single login password more than once.
* Recovery Certifcate (Enterprise Edition Feature)
The administrative template (ADM) of the Enterprise Edition can
be used to define a recovery certificate, which is added automatically
to new PrivateDisk volumes. This feature can be used by security
administrators to gain access to encrypted data of users, e.g. after
a user left the company or when users forget their passwords.
Note that the recovery certificate is only identified by its serial number,
which is not always unique (there might be multiple certificates with
identical serial numbers from different issuers). In that case the
first certificate found would be entered as recovery certificate.
The next version of PrivateDisk will be able to exactly specify
the recovery certificate.
6. Known Issues
* Sharing of removable volumes
In Windows Vista and Windows 7 users can
share removable media.
This feature is not yet supported by PrivateDisk.
Currently only drives with the attribute
"fixed disk" can be shared by the administrator.
* Renaming of volumes
Sporadically an error appeared in the test, so volumes
In the PrivateDisk GUI could not be renamed.
After restarting the GUI the renaming of volumes is possible.
* Volume names with special characters
Windows XP and Vista: A virtual disk with a name which contains
special characters and letters an error
message does not appear
during creation, but during the mounting of a disk.
In Windows 7 special characters are allowed.
* Uninstallation of Sophos Products
When uninstalling SafeGuard Biometrics 1.60, SafeGuard Advanced
Security 3.10 or older versions of this software, the ADM template
files are deleted. Please run a "Repair" command for the
SafeGuard PrivateDisk installation (Control Panel / Add or Remove
Programs / SafeGuard PrivateDisk / Change) to restore the files.
* SafeGuard LAN Crypt 2.10 and 2.00
The definition of a LAN Crypt profile for encrypting whole PrivateDisk
drives (e.g. “P:\*.*”) leads to an encryption of all files on all drives!
This issue will be solved in later releases of SafeGuard LAN Crypt.
Encrypting PrivateDisk volume files (*.vol) with SafeGuard LAN Crypt
is not possible.
* Drive label for PrivateDisk Drive replaced by removable storage
device label
In some situations, the drive label assigned to a PrivateDisk may get
re-assigned to another removable storage device. When this occurs, the drive
letter for the PrivateDisk will display the drive label for a newly attached device,
even though the PrivateDisk can be accessed using the drive and not the newly
attached device. If this occurs, un-mount the affected PrivateDisk and re-mount
it to ensure access to both devices.
* PrivateDisk Volume-Files on removable media that get different drive letters
assigned
PrivateDisk keeps a list of previously used volume files using their fully
qualified path name. In case that the volume file resides on a removable
media for which the drive letter has changed, e.g. a USB memory stick or a network
share, the volume file can no longer be located using its original file name,
thus marking its entry in PrivateDisk accordingly. In order to mount this particular
volume file again it has to be imported from the new drive with the changed
drive letter using the ‘File Import…’ function.
* Loss of data when writing to a PrivateDisk
When storing data onto a PrivateDisk whose volume file is located
on a removable USB drive or a network share that is accessed via WLAN
it may occasionally happen, caused by the delayed write operation of the
file system cache, that the stored data is lost in case that access to the
volume file can no longer be accessed. This can happen if removable
media is removed suddenly after the write operation has finished, or the
connection to a wireless LAN connection is broken. Therefore it is strongly
recommended not to remove any removable storage device that has a
a PrivateDisk mounted without un-mounting it before. Besides that it is
not recommended to access PrivateDisk via wireless network connections
that cannot ensure trouble-free operation.
March, 28th 2011, Sophos, Abingdon, UK