> From: [email protected] [mailto:[email protected]] > On Behalf Of Mark McCullough > > What tools should I be looking at (besides BitLocker)? What gotchas should I > worry about?
Bitlocker is the clear winner when it's available. Win7 Pro does not support bitlocker. You need Win7 Ultimate or Enterprise. Win 8 Pro supports bitlocker. In order to support bitlocker, you need hardware support. (System must have TPM). All the Dell Latitude/Precision series have it. It's hit-or-miss in the inspiron series, etc. Literally nothing sold at Best Buy has support, except for the Surface Pro. If you don't have a domain, no problem. But you need to save the recovery key and manage it manually. By comparison, if you had a domain, you could configure group policy, which would encrypt & store the keys automatically for you. If for any reason you can't use bitlocker, use TrueCrypt. The latest (last) binaries were archived at http://truecrypt.ch. I happened to have downloaded some of them prior to truecrypt shutdown, and I verified that the binaries distributed by truecrypt.ch are authentic. I don't buy the "don't use truecrypt" argument - sure they're unmaintained now, but even at the time of shutdown, they had no updates for over 2 years, because they're simply stable. If you use truecrypt, you enable full disk encryption, and export a backup - I forget exactly how this works, but it forces you to burn a CD. (I was able to use some tool - I forget what - to "burn" an iso instead.) Then when you give the laptop to the end user, they can set their own password, and if you ever need to recover, you can boot from your CD and use the password that you know and the user doesn't know. _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
