We use pre-boot authentication, especially since without it you are always loading the encryption keys. It is kind of like writing the combination on the outside of the safe or motion sensors to open the vault for any passerby, which is a bad idea for any security system.
We sync our user list from LDAP (or you can use Active Directory), use a custom script similar to the AutoDomain template they provide, and provide a mechanism for adding additional users on a machine later if necessary.
I'm very serious when I suggest that you not have machines always auto-login past pre-boot. It would put you in a poor defensive position if you ever had to explain your encryption process in court. It also removes accountability, in that anyone with physical access can boot the OS. Once the machine is stolen, you have lost the physical control aspect.
I'd be interested in hearing what you would be gaining by using autologon. I would think the whole security aspect of what eepc offers would be flushed down the drain.
We do use autologon for some loaner machines that don't leave the company grounds, but this gets removed beforehand and a user ID is associated with the machine if it leaves the site.