5 Replies Latest reply on Sep 16, 2012 3:36 PM by SafeBoot

    EEPC 6.2 – Encryption options - All Disks vs Boot disk only

      Hello,

      I’m unclear on what to use here. I spoke with McAfee tech support today and it was mentioned that by using the “Boot disk only” option in the Encryption tab- it would only encrypt the MBR and the boot partition and not the entire disk..!!

      Well the boot partition is C:. Am I right!  He also mentioned that if I have other partitions, like D: or so, wouldn’t be encrypted.

       

      I thought the entire disk (or as I know it, the boot disk) would be encrypted. He reiterated to always use the “All disks” option as the only way to ensure the disk is FULLY encrypted.

       

      After chatting with so many technicians and allowing remote-in, none of that was brought up as an issue before. Can someone clear this for me, please! Many thanks.

        • 1. Re: EEPC 6.2 – Encryption options - All Disks vs Boot disk only
          jmushet

          I have changed to the Boot Disk Only.  I had it set for all disks and it was encrypting external drives as well so limited the usage of eternal devices.  As for as I'm aware when encrypting Boot Disk Only it does the full disk. 

          • 2. Re: EEPC 6.2 – Encryption options - All Disks vs Boot disk only
            dwebb

            "Boot disk only" will *only* encrypt the Windows partition.  All other partitions on the boot disk, and all secondary disks will remain unprotected.

             

            EEPC 6.2 gives you the capability of specifying per-partition encryption....you could use this to determine which partitions to encrypt and which to leave unprotected.

             

            The issue with external eSata drives is that there is no way to reliably tell whether a drive is an eSata drive or an internal drive (it's just a different connector, after all).

            • 3. Re: EEPC 6.2 – Encryption options - All Disks vs Boot disk only

              jmushet, thank you.

              When you mentioned "it was encrypting external drives", are they USB drives and the flash drives included? I haven't set up All disks option yet to avoid this issue.The lack of equipment to test it with delays testing & deployment. However, I found a tablet with two paritions- C; and D:. Currently, it is encrypted with EEPC 5.2.4. After upgrading to 6.2 the C: partition encrypted okay, but  the D: partition started decrypting. I guess a another policy will have to be created to manage it.

               

              Message was edited by: Integer10 on 9/16/12 12:45:29 PM CDT

               

              Message was edited by: Integer10 on 9/16/12 1:22:03 PM CDT
              • 4. Re: EEPC 6.2 – Encryption options - All Disks vs Boot disk only

                dwebb, Thank you.

                 

                You are right, the second partition, D:  started decryption after upgrading from 5.2.4

                 

                I am new to ePO, are you referring to the policy with  "Boot manager" option for enabling\disabling partitions --to encrypt? Can you provide a basic usage of the option?

                 

                Since we use USB HD, for disaster recovery, backup, etc., isn't using the All disks option a risk when attaching the external drives and when they are also in use?

                • 5. Re: EEPC 6.2 – Encryption options - All Disks vs Boot disk only

                  No, there is no risk with USB drives, as they are always "external" - There's no such thing as an "internal" usb drive.

                   

                  the problem lies with eSATA - often the OS cannot make a determination if an eSATA drive is external or not, so it presents itself as a non-removable SATA internal disk.

                   

                  Thus. EEPC will encrypt it.

                   

                  If the drive, driver, and OS all work properly, eSATA drives show up as removable disks - then EEPC won't encrypt them.