    What is everyone else doing?

      Just wondering how many people are doing preboot authentication, or setting systems up to preboot autologon? We use preboot authentication but I have heard of many people doing the other. I can see how using autologon preboot authentication would eliminate a lot of procedural steps in setting up IDs, passwords, etc. Just wanting to hear some other Encryption Administrators' opinions on this.
        • 1. RE: What is everyone else doing?
          We use pre-boot authentication, especially since without it you are always loading the encryption keys. It is kind of like writing the combination on the outside of the safe or motion sensors to open the vault for any passerby, which is a bad idea for any security system.

          We sync our user list from LDAP (or you can use Active Directory), use a custom script similar to AutoDomain template they provide, and provide a mechanism for adding additional users on a machine later if necessary.

          I'm very serious when I suggest that you not have machines always auto-login past pre-boot. It would put you in a poor defensive position if you ever had to explain your encryption process in court. It also removes accountability, in that anyone with physical access can boot the OS. Once the machine is stolen, you have lost the physical control aspect.
          • 2. RE: What is everyone else doing?
            I'd be interested in hearing what you would be gaining by using autologon. I would think the whole security aspect of what EEPC offers would be flushed down the drain.

            We do use autologon for some loaner machines that don't leave the company grounds, but this gets removed beforehand, and a user ID is associated with the machine, if it leaves the site.