On 20120215 18:14, Roger Bombardier Jr. wrote:
> I think an exception in these cases would be quite prudent.
I think most of us would concede that PGP WDE's handling of multiuser
machines can be cumbersome and, at times, irritating. But I imagine that
the likelihood of a given storage device (accidentally?) containing
sensitive data probably varies proportionately with the number of users
handling that device. (In many cases, anyway.) And also that "loaner"
status very likely increases the chances that a given device will be
lost or otherwise misused (see "the rental car effect"). So, while I
understand the frustrations surrounding this issue, it would seem that
this population of machines may actually comprise the poster children
for whole disk encryption's intended benefits, in spite of the
software's obvious shortcomings in supporting this pattern of usage.
FWIW, I imagine the "brief bouts of usage by multiple transients
interspersed with months in a storage locker" use case was probably
deemed by the designers to be a relatively rare situation. True, this
doesn't excuse poor design/execution, but I've spent some time thinking
about how I would've designed software to deal with such utilization and
have yet to come up with anything appreciably better.
Sam Hooker
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont
> On 2/15/2012 3:48 PM, Carol Caldwell-Edmonds wrote:
>> If the computer is a laptop, owned by UVM, it must have PGP on it. The
>> multiuser environment is quite easy to set up. We encrypt the laptops
>> used by the student techs in the Helpline and CDC, and there are 30 of
>> them. It works best on CAMPUS domain-joined laptops; it does take some
>> maintenance when people change passwords, and you should have more
>> than one account in the Administrators group. Then it is manageable.
>> On 2/15/2012 3:12 PM, Roger Bombardier Jr. wrote:
>>> In agreement with Andrew's point; I had at one point pressed this
>>> point asking about exemption from policy for a shared computer and
>>> was given to understand that there IS such an exemption. Agree?
>>> On 2/15/2012 03:09 PM, Andrew Hendrickson wrote:
>>>> My advice would be not to encrypt the device at all unless you have to.
>>>> If this is a shared computer it shouldn't have anything on it of a
>>>> sensitive nature (why? because it's nobody's computer).
>>>> On Feb 15, 2012, at 2:50 PM, David Pepper wrote:
>>>>> My unit has just received its first laptop with PGP Desktop installed.
>>>>> It seems that the first user to log in (and perhaps every subsequent
>>>>> user) is prompted to encrypt the whole hard drive.
>>>>> This laptop is intended to be a loaner that can be checked out by staff
>>>>> for meetings, work-from-home, etc. What is the prevailing wisdom about
>>>>> how to use or handle this program for this type of system?
>>>> Andrew Hendrickson
>>>> CAS IT Administrator
>>>> UVM, College of Arts & Sciences
>>>> 438 College Street #402
>>>> Burlington, VT
>>>> 802-656-4529 (fax)
>>>> To submit a request for service please use:
>> Carol Caldwell-Edmonds, IT Professional Senior
>> Enterprise Technology Services: Client Services
>> Helpline and Computer Depot Clinic Coordinator
>> University of Vermont
>> never take yourself TOO seriously...