We have a number of Dell T7600s. If we try to encrypt them with DE 7.2, it does encrypt the drive. However, after the PC is rebooted it will BSOD with an unmountable boot volume message. The PC has (1) SSD VisionTek 480GB HD. The PC has had all of the drivers, firmware, and BIOS updates applied but the problem persists. Is there a compatibility issue with the Dell T7600 precision serial PC?
Legacy BIOS. Windows 7 x64. Drive Encryption 188.8.131.527 and 7.1.3 produce the same unmountable boot volume message if the PC is encrypted and rebooted.
So, to rule out any policy issues, have you tried using the default encryption policy? Just copy it, and change the encrypt part to "encrypt all disks" (because the default is none). I would also add a message in the Log On section, like "This is the test policy" or something, so you can confirm it's applied.
I'd also be curious to know what happens if you enable automatic booting. Does it boot up or does it still BSOD?
I have tried copying the default policy, and we already use automatic booting; we do not use pre-boot authentication. Same problem, BSOD.
So are you using the TPM to secure the system? You know that with autoboot, the key is applied as soon as you get past the PBA. So, if the PBA is skipped automatically, then the system is effectively not encrypted once it's booted up. The only thing protecting the system at that point would be the logon screen, unless you are also using file and folder encryption.
Here is a quote from the Best Practices guide, under "Recommended Product Settings Policies":
"If you enable this option, be aware that the McAfee Endpoint Encryption software does not protect the data on the drive when it is not in use."
So, automatic booting is really just a tool to install software. I've never heard of anyone keeping it on in production systems. You might as well not have it then.
Security: Chip Based Data Encryption: 128-bit AES-compliant
If you are not sure how to verify - you can check in the system's properties in EPO:
Menu > System tree > Click on the system name in the system tree > Click on the 'Drive Encryption' tab
There will be an 'Encryption Provider' value of either PC Software or OPAL.