I’m unclear on what to use here. I spoke with McAfee tech support today and it was mentioned that by using the “Boot disk only” option in the Encryption tab- it would only encrypt the MBR and the boot partition and not the entire disk..!!
Well the boot partition is C:. Am I right! He also mentioned that if I have other partitions, like D: or so, wouldn’t be encrypted.
I thought the entire disk (or as I know it, the boot disk) would be encrypted. He reiterated to always use the “All disks” option as the only way to ensure the disk is FULLY encrypted.
After chatting with so many technicians and allowing remote-in, none of that was brought up as an issue before. Can someone clear this for me, please! Many thanks.
I have changed to the Boot Disk Only. I had it set for all disks and it was encrypting external drives as well so limited the usage of eternal devices. As for as I'm aware when encrypting Boot Disk Only it does the full disk.
"Boot disk only" will *only* encrypt the Windows partition. All other partitions on the boot disk, and all secondary disks will remain unprotected.
EEPC 6.2 gives you the capability of specifying per-partition encryption....you could use this to determine which partitions to encrypt and which to leave unprotected.
The issue with external eSata drives is that there is no way to reliably tell whether a drive is an eSata drive or an internal drive (it's just a different connector, after all).
dwebb, Thank you.
You are right, the second partition, D: started decryption after upgrading from 5.2.4
I am new to ePO, are you referring to the policy with "Boot manager" option for enabling\disabling partitions --to encrypt? Can you provide a basic usage of the option?
Since we use USB HD, for disaster recovery, backup, etc., isn't using the All disks option a risk when attaching the external drives and when they are also in use?
No, there is no risk with USB drives, as they are always "external" - There's no such thing as an "internal" usb drive.
the problem lies with eSATA - often the OS cannot make a determination if an eSATA drive is external or not, so it presents itself as a non-removable SATA internal disk.
Thus. EEPC will encrypt it.
If the drive, driver, and OS all work properly, eSATA drives show up as removable disks - then EEPC won't encrypt them.
jmushet, thank you.
When you mentioned "it was encrypting external drives", are they USB drives and the flash drives included? I haven't set up All disks option yet to avoid this issue.The lack of equipment to test it with delays testing & deployment. However, I found a tablet with two paritions- C; and D:. Currently, it is encrypted with EEPC 5.2.4. After upgrading to 6.2 the C: partition encrypted okay, but the D: partition started decrypting. I guess a another policy will have to be created to manage it.
Message was edited by: Integer10 on 9/16/12 12:45:29 PM CDTMessage was edited by: Integer10 on 9/16/12 1:22:03 PM CDT