Dear All,
we are using FRP in an on-prem ePO environment. We are only using a small subset of the functions of FRP. Basically our requirements are the ones listed below.
- force encrypttion of removable media, optical and other
- access encrypted media on firm machines by entering a password. We do NOT require media being auto-unlocked.
- enforce password complexity
- access encrypted media on external machines by using the offsite access app and a password.
- recover access to media if the password is lost. This requires to see which user originally encrypted the media in oreder to only restore access to the encrypting or another authorized user.
- reporting of removable media activity including user information
We keep encountering sporadic issues with clients getting the prompt "The specified user is invalid" althought the key exists and is assigned to the user. The issue already consumed innumerable man hours in troubleshooting, which is why we are considering using FRP without keys.
So far, the only purpose of the keys in our scenarios seems to be the auto-unlocking of encrypted media, which is something that we do not require. In a preliminary test, I logged off from FRP and verified under Manage Features that no key was availale. I then performed the below actions without encountering any issues
- created an encrypted ISO. Password was enforced as well as complecity criteria
- mounted the ISO: Got a pw prompt and was able to access the files after entering pw
- unmonted and remounted
- Walked through the password-lost process: Recovery key was displayed, user information was displayed, recovery key worked
- Ran Query regarding "removable media device events" and was able to find my action regarding the above mentioned ISO files
form this, I gather that we would not need to deploy any keys to users in order to continue using frp. what do you think? is this assumption correct?
You Deserve an Award
