FRP Usage of User Personal and Regular Keys required?
We are using FRP in an on-prem ePO environment. We are only using a small subset of the functions of FRP. Basically our requirements are the ones listed below.
- force encryption of removable media, optical and other
- access encrypted media on firm machines by entering a password. We do NOT require media being auto-unlocked.
- enforce password complexity
- access encrypted media on external machines by using the offsite access app and a password.
- recover access to media if the password is lost. This requires to see which user originally encrypted the media in order to only restore access to the encrypting or another authorized user.
- reporting of removable media activity including user information
We keep encountering sporadic issues with clients getting the prompt "The specified user is invalid" although the key exists and is assigned to the user. The issue already consumed innumerable man hours in troubleshooting, which is why we are considering using FRP without keys.
So far, the only purpose of the keys in our scenarios seems to be the auto-unlocking of encrypted media, which is something that we do not require. In a preliminary test, I logged off from FRP and verified under Manage Features that no key was available. I then performed the below actions without encountering any issues:
- Created an encrypted ISO. Password was enforced as well as complexity criteria
- Mounted the ISO: Got a pw prompt and was able to access the files after entering pw
- Unmounted and remounted
- Walked through the password-lost process: Recovery key was displayed, user information was displayed, recovery key worked
- Ran Query regarding "removable media device events" and was able to find my action regarding the above mentioned ISO files
From this, I gather that we would not need to deploy any keys to users in order to continue using FRP. What do you think? Is this assumption correct?
Re: FRP Usage of User Personal and Regular Keys required?
Assuming your encryption of removable and optical media is the "offsite" method and there are no other FRP usages not mentioned here, then it sounds like you do not have a need to assign keys to users. Of course, in keeping with your initial test, you should be able to test\apply the change further in a slow fashion (a few systems\users at a time) for testing purposes to be sure first.