Is there another way to encrypt at-home laptops without an "offline package" generated from EPO? I would like to encrypt a number of laptops but don't want to have anything to do with our EPO. Is there a standalone Encryption package installer that will simply encrypt a machine? I'm afraid that modifying that xml file may not be enough. I think framepackage.exe probably contains some reference to the parent EPO.
if you block the machine from talking to EPO, you won't be able to recover it if there's a problem. You also won't be able to track how many licences you are using, or prove any data protection/audit requirements.
It's not "offline encryption", it's offline activation. Its not meant to be a permanent situation.
Can you let us know what the problem with allow the machines to connect is - what's the situation which means you don't want to see these in EPO?
Hi thanks for your response.
Yes I'm fully aware of the tracking licensing/recovery keys issue. Our IT group encrypts laptops for users so they keep a list of users/licenses and stores recovery keys.
Goal - encrypt machines without any EPO involvement.
I understand that offline activation is meant to be temporary and as such once on network it will find EPO. Ideally we want people to keep these laptops home/outside of office network. If they do that, we are ok with offline activation which will never find EPO, will never convert to online. However users sometimes do bring their laptops to office, they do connect to network and of course agent finds EPO and converts to online. Because these standalone laptops were not part of a domain, no users were assgined for encryption. So if a reboot takes place, we are stuck on pre-boot screen.
That is why we want to find out if we can break the communication by modifying some config file or something. Meaning even if they connect to office network, we need to make sure it won't find EPO.
OR if there is a package which we can use that will simply encrypt a machine, we would be ok with that.
some other alternatives we may consider - setup a Read-only domain controller which will be exposed to outside network, or modify our wirless network (that's usually how laptops will connect to network) so that EPO access can be blocked.
Hope my situation is clear. Thanks.
Aer you setting these machines up with the pre-boot disabled? If so, you do realise (like every other product in this mode) that the encryption key is stored on the drive?