We are trying to reduce the build time of our laptop process. Currently we wait until the drives have finished encrypting before handing the laptop to the user.
What are the risks of handing the laptop back to the user when the encryption process is only at 10%, for example? They still have to authorise to get into the laptop, and the encryption process will continue to run whilst they use the laptop, I presume?
Preboot authentication will be enabled even at 1% encryption. However, there may be little gain in handing the laptop to the user at this point, if it is to be used immediately. Firstly because the data won't be protected, and secondly, the system won't be as responsive as normal, due to the ongoing encryption process.
Hope this helps,
I tested EEPC 6.1.3 with VM Workstation. When XP was encrypting, the system booted normally; after that I rebooted the system... Is that normal?
It depends how much sensitive data is on the drive and how much risk you want to take. Before the drive is 100% encrypted you're not covered against data loss notification regulations.
Saying that, most customers "encrypt on user time" when deploying to their users. It's only really brand new machines where people sit them on a bench and let them complete.
Have you thought about reducing the partition size? That will speed things up, as will, of course, using AES-NI.
Just so you have another customer's point of view for your poll, I'll chime in.
The risks are (somewhat) obvious in that any data that the customer writes to unencrypted space is not protected. I suspect, but I'm not certain, that if the laptop was lost and for whatever legal reason you had to disclose it, that the drive would not be considered protected until you're at 100% and the system reports back in.
That said, we deploy the laptop as soon as the encryption starts. With V5 and SATA drives, it was taking 4-5 hours which was sometimes too long to just hold onto it. With V6, SSD, and AES-NI we're down to encryption times of around just over an hour, but we still follow the same practice where we're not waiting until encryption is complete before deploying. Encryption is supposed to be the first thing a tech kicks off so that it has as much time on the bench to encrypt as possible, but I honestly couldn't tell you if that gets practiced properly or not.