oh neglected to mention that the "solution" is often to encrypt in the local admin account and having a sticker on the machine with that password written on it; so people can remember how to log into this shared machine at 10pm in a strange hotel room. Helpfully nullifying encryption. I've already seen this in action in 2 departments. Well intentioned folks attempting to deal with confusing technology.-R
[log in to unmask]" type="cite">
The reality if often as follows:
-One person encrypts the laptop and places it in the file cabinet after they are done with their travels.
it sits there for a couple months; the original user has; changed passwords and can't remember their old one, or leaves UVM.
-another employee grabs the computer to use it and can't log in because they did not follow the "quite easy to set up" procedure. All ETS procedures are quite easy to set up.
-granted this is not a big deal, a support call is generated, and the issue can be resolved with token, worse case reimage.
-add to this that they did not bother to discover they could not log in, until just before travel, or after they left on the long weekend, then to travel then it becomes a time sensitive issue.
-confusion abounds, it is a stresser and it is decided that a “shared” laptop or encryption all together is a pain. The policy is dodged further, possibly. I suppose they could opt to use their own computer for travel, or purchase extra laptops.
I think an exception in these cases would be quite prudent.-Roger
On 2/15/2012 3:48 PM, Carol Caldwell-Edmonds wrote:[log in to unmask]" type="cite"> If the computer is a laptop, owned by UVM, it must have PGP on it. The multiuser environment is quite easy to setup. We encrypt the laptops used by the student techs in the Helpline and CDC, and there are 30 of them. It works best on CAMPUS domain joined laptops, it does take some maintenance when people change passwords, and you should have more than one account in the Administrators group. Then it is manageable.
On 2/15/2012 3:12 PM, Roger Bombardier Jr. wrote:[log in to unmask]" type="cite">In agreement with Andrew's point; I had at one point pressed this point asking about exemption from policy for a shared computer and was given to understand that there IS such an exemption. Agree? Disagree?
On 2/15/2012 03:09 PM, Andrew Hendrickson wrote:
My advice would be not to encrypt the device at all unless you have to.
If this is a shared computer it shouldn't have anything on it of a sensitive nature (why? because it's nobody's computer).
On Feb 15, 2012, at 2:50 PM, David Pepper wrote:
My unit has just received its first laptop with PGP Desktop installed. It seemsAndrew Hendrickson
that the first user to log in (and perhaps every subsequent user) is prompted to
encrypt the whole hard drive.
This laptop is intended to be a loaner that can be checked out by staff for
meetings, work-from-home, etc. What is the prevailing wisdom about how to use
or handle this program for this type of system?
CAS IT Administrator
UVM, College of Arts& Sciences
438 College Street #402
[log in to unmask]
To submit a request for service please use:
signatureCarol Caldwell-Edmonds, IT Professional Senior
Enterprise Technology Services: Client Services
Helpline and Computer Depot Clinic Coordinator
University of Vermont
[log in to unmask]
[log in to unmask]">
never take yourself TOO seriously...
artwork by Shannon Edmonds