
How Do You Manage Encryption User Assignments?

I am looking for ideas on how to manage the users and user assignments for MDE. Currently we are using $autoboot$ with an HD password. We want to move to pre-boot authentication with either BitLocker or MDE and get rid of the HD password. The only thing I like about BitLocker is that you don't have to manage user keys - you can just use a PIN (no user ID), which would be acceptable for us (password would be better). For MDE we need user-to-machine assignments. Ideally, if we could just have a managed password for each machine, that would be great (already passed that idea/suggestion to McAfee). An idea I was thinking of... During MDE installation, automate an MDE user to be created unique to the machine (maybe serial #?), assign user to machine... user uses the serial number for PBA. Of course this isn't perfect because of other use cases, like shared laptops, but it would work with a vast majority of our laptop use cases.

Just curious if anyone else is doing anything creative with the MDE user and machine assignments that you could share.



Re: How Do You Manage Encryption User Assignments?

All the security best practices advise against device-based/common passwords, and steer people towards personal authentication. Device passwords are invariably shared, sharing means you can't attribute actions to a person, and no attribution means you can't identify people-related problems.

I agree it's a "cheap" solution, but it's very much suboptimal.
