2 Replies Latest reply on Oct 12, 2009 7:15 AM by mjpottratz

    Protecting remote servers that reboot

      Hi

      I have some remote servers running Win2K3 on mirrored disks. I'd like to encrypt the disks on these such that, if removed/stolen from sites, the data is protected.

      The catch is that they have to reboot periodically to meet the needs of a legacy application.

      Is there a safeboot/EEFF configuration recommendation for this kind of situation?

      thanks

      Gavin
        • 1. RE: Protecting remote servers that reboot


          See the section disablesecurity and reenablesecurity in the scripting guide? That might help.

          - A
          • 2. Protecting remote servers that reboot
            It is a pain to deal with, but the Autoboot user account is an option you can try. What happens is this:

            1. You Enable the $Autoboot$ user (make sure it has already been added to the machine)
            2. Uncheck the box for the machine that says "Disable checking for Autoboot"
            3. Force a sync to the machine

            If all is good with the sync, the next time the machine reboots it will completely bypass the PBA and boot to the OS (and subsequent reboots until you change it back).

            Once done rebooting, you should Disable the Autoboot user again and re-check the "Disable checking for Autoboot".
            (I use both methods to be sure)

            There are ways of changing the Autoboot account, using different names like $autoboot$US, or changing the default password from 12345 (requires a client change though - i think the sdmcfg.ini).

            Don't bother creating multiple different autoboot accounts and applying them all to every machine. The boot process only looks for and uses the first autoboot it finds and ignores the rest - found that out the hard way (version 5.1.9).