1 Reply Latest reply on Sep 18, 2009 8:56 AM by SafeBoot

    MEE preboot screeen removal

      We have a scenario where it has been requested that we turn off the preboot screen in MEE. Before we start a test and set up machines etc I have am looking for some advice.

      1) If preboot screen is turned off, what are the security implications? would for example a password cracker work, and access data?
      2) Will the user have a normal windows logon dialog box.
      3) Is it possible to boot directly into Windows and not have to authenticate MEE.
      4) Is this done by ( as I suspect) making a change in the management console.
        • 1. RE: MEE preboot screeen removal
          1. You woudnt need to - you machine is effectively open. You could use a firewire attack, or network attack just to suck the data off, or a cold boot attack.

          see My Blog

          in short, if you turn off pre-boot, then you stored the key for encryption on the disk. Thus you can most likely not claim protection from data disclosure any more.

          But yes, someone could sniff the SAM over the wire and crack the users windows password. Personally I'd just use a firewire or network attack to break through the windows Login.

          2. That's up to windows of course, most likely yes.

          3. That's what turning off pre-boot does. You'll get the windows login of course.

          4. Yes, you need to make a policy change.