I have a laptop that was renamed several weeks ago. The original name was left in the Endpoint Encryption Manager.
We now need to unencrypt this laptop, but we have no idea what the old name is in EEM.
Is there any way I could locate which machine it is in EEM without knowing the old computer's name?
We are running EEM/EEPC 5.2.10
those creds can be bypassed in seconds using something like passware - encryption without pre-boot authentication, as others have said, really adds no value at all.
You need to boot from a cd in order to recover the administrator password and by doing so..the data on the drive is still encrypted. Data gets decrypted without authentication only by booting from the hdd.
Correct me if I`m wrong.
check out passware - they have a firewire cracking module, you can also do it with a pcie card, or anthing with DMA access. Also, your encryption key is stored on your drive, so it's pretty easy to find - passware already have a module to do this with Bitlocker...
without pre-boot auth, it's pretty open, and does not conform to any data protection regulations.
How is one able to provide proof of conformity with regulations? Because you have the information that a specific machine was encrypted, but you won't be able to prove what policy was applied to it (mainly if autoboot was enabled or not) in the moment it got stolen/lost.