Are you using the UEFI BIOS? What OS are you using? What happens if you switch to legacy BIOS?
Legacy BIOS. Windows 7 x64. Drive Encryption 126.96.36.1997 and 7.1.3 produce the same unmountable boot volume message if the PC is encrypted and rebooted.
Drive Encryption Go and the hardware compatibility boot disk both pass as well.
So, to rule out any policy issues, have you tried using the default encryption policy? Just copy it, and change the encrypt part to "encrypt all disks" (because the default is none). I would also add a message in the Log On section, like "This is the test policy" or something, so you can confirm it's applied.
I'd also be curious to know what happens if you enable automatic booting. Does it boot up or does it still BSOD?
I have tried copying the default policy, and we already use automatic booting; we do not use pre-boot authentication. Same problem, BSOD.
So are you using the TPM to secure the system? You know that with autoboot, the key is applied as soon as you get past the PBA. So, if the PBA is skipped automatically, then the system is effectively not encrypted once it's booted up. The only thing protecting the system at that point would be the logon screen, unless you are also using file and folder encryption.
Here is a quote from the Best Practices guide, under "Recommended Product Settings Policies":
"If you enable this option, be aware that the McAfee Endpoint Encryption software does not protect the data on the drive when it is not in use."
So, automatic booting is really just a tool to install software. I've never heard of anyone keeping it on in production systems. You might as well not have it then.
Thanks for the explanation. This doesn't solve our current issue though. We are not using file and folder encryption or TPM.
mikesjra - do you happen to know whether or not you are using the OPAL provider to manage these systems? Visiontek's spec sheet for this drive looks like it supports self-encryption:
Security: Chip Based Data Encryption: 128-bit AES-compliant
If you are not sure how to verify - you can check in the system's properties in EPO:
Menu > System tree > Click on the system name in the system tree > Click on the 'Drive Encryption' tab
There will be an 'Encryption Provider' value of either PC Software or OPAL.
It says PC software.