Another additional question regarding autoboot. Presumably with autoboot enabled, this pretty much renders the Encryption product useless - as all of the ciphering process is done at preboot authentication, correct?
We've got a history of SSO issues and password mismatches when changing AD credentials, and things have escalated which have threatened to remove MEE from our builds completely, and I'm wondering if MEE with encrypted disks but NO preboot authentication would offer ANY protection over just simply being unencrypted, as a sort of consolation alternative!
With the pre-boot disabled, the key is stored on the drive; it's really only for patch cycles etc. It's better than nothing, but not enough to meet most regulatory compliance rules in my opinion. You need to make up your own mind though.
Why not run with two different credentials? Lots of companies do that.
I guess your users are changing their passwords on non-EEPC machines, so the change is getting missed? Or perhaps you have something like Novell, or another third party credential provider involved?
Hi Safeboot, thanks for the response.
Our initial implementation of 5.2.5 contained separate credentials, and our userbase cried out for SSO. We implemented SSO with 5.2.5 and had the odd issue with MEE password getting caught out of sync with AD password, usually if the Support Desk had to reset a password for somebody directly in AD users and computers - confusion ensued and before we knew it we had a support call because we needed to run the user recovery procedure over the phone with an offsite user.
I installed 6.1.1 within ePO a few months ago so we could use ePO to manage the system, and I'm very happy with it so far from an administration point of view - but business complaints regarding MEE and SSO have continued to rise (never complaints towards me which would allow me to either educate users or modify policy to correct faults) but the powers that be have decided that being compliant in this area is secondary to the impact on users (read into that what you will) and it looks like encryption could be removed as an IT requirement very quickly.
I ask about having pre-boot disabled as it may offer a 'better than nothing' alternative for IT management, but I appreciate the core functionality of MEE is blown out of the window when we progress down this route.
Still, as it stands I'm unable to uninstall MEE anyway due to the errors I'm getting - so it looks like we're stuck with it!