Print

Print


oh neglected to mention that the "solution" is often to encrypt in the 
local admin account and having a sticker on the machine with that 
password written on it; so people can remember how to log into this 
shared machine at 10pm in a strange hotel room.  Helpfully nullifying 
encryption.  I've already seen this in action in 2 departments.  Well 
intentioned folks attempting to deal with confusing technology.

-R

On 2/15/2012 6:14 PM, Roger Bombardier Jr. wrote:
>
> The reality if often as follows:
>
> -One person encrypts the laptop and places it in the file cabinet 
> after they are done with their travels.
> -
> it sits there for a couple months; the original user has; changed 
> passwords and can't remember their old one, or leaves UVM.
>
> -another employee grabs the computer to use it and can't log in 
> because they did not follow the "quite easy to set up" procedure.  All 
> ETS procedures are quite easy to set up.
>
> -granted this is not a big deal, a support call is generated, and the 
> issue can be resolved with token, worse case reimage.
> -add to this that they did not bother to discover they could not log 
> in, until just before travel, or after they left on the long weekend, 
> then to travel then it becomes a time sensitive issue.
>
> -confusion abounds, it is a stresser and it is decided that a “shared” 
> laptop or encryption all together is a pain.The policy is dodged 
> further, possibly.I suppose they could opt to use their own computer 
> for travel, or purchase extra laptops.
>
> I think an exception in these cases would be quite prudent.
>
> -Roger
>
>
> On 2/15/2012 3:48 PM, Carol Caldwell-Edmonds wrote:
>> If the computer is a laptop, owned by UVM, it must have PGP on it. 
>> The multiuser environment is quite easy to setup. We encrypt the 
>> laptops used by the student techs in the Helpline and CDC, and there 
>> are 30 of them. It works best on CAMPUS domain joined laptops, it 
>> does take some maintenance when people change passwords, and you 
>> should have more than one account in the Administrators group. Then 
>> it is manageable.
>>
>> Carol
>>
>> On 2/15/2012 3:12 PM, Roger Bombardier Jr. wrote:
>>> In agreement with Andrew's point; I had at one point pressed this 
>>> point asking about exemption from policy for a shared computer and 
>>> was given to understand that there IS such an exemption. Agree? 
>>> Disagree?
>>> -Roger
>>>
>>> On 2/15/2012 03:09 PM, Andrew Hendrickson wrote:
>>>> My advice would be not to encrypt the device at all unless you have 
>>>> to.
>>>>
>>>> If this is a shared computer it shouldn't have anything on it of a 
>>>> sensitive nature (why? because it's nobody's computer).
>>>>
>>>>
>>>> On Feb 15, 2012, at 2:50 PM, David Pepper wrote:
>>>>
>>>>> My unit has just received its first laptop with PGP Desktop 
>>>>> installed.  It seems
>>>>> that the first user to log in (and perhaps every subsequent user) 
>>>>> is prompted to
>>>>> encrypt the whole hard drive.
>>>>>
>>>>> This laptop is intended to be a loaner that can be checked out by 
>>>>> staff for
>>>>> meetings, work-from-home, etc.  What is the prevailing wisdom 
>>>>> about how to use
>>>>> or handle this program for this type of system?
>>>> Andrew Hendrickson
>>>> CAS IT Administrator
>>>> UVM, College of Arts&  Sciences
>>>> 438 College Street #402
>>>> Burlington, VT
>>>> 05405
>>>>
>>>> 802-656-7971
>>>> 802-656-4529 (fax)
>>>>
>>>> [log in to unmask]
>>>>
>>>> To submit a request for service please use:
>>>> http://footprints.uvm.edu/ashelp.html
>>>
>>
>> -- 
>> Carol Caldwell-Edmonds, IT Professional Senior
>> Enterprise Technology Services: Client Services
>> Helpline and Computer Depot Clinic Coordinator
>> University of Vermont
>> [log in to unmask]
>> avatar by Shannon Edmonds
>> never take yourself TOO seriously...
>> artwork by Shannon Edmonds