5 Replies Latest reply: Nov 15, 2012 6:29 AM by rannable
rannable Level 1 (20 points)

Hi,

Can anyone recommend a method of encryption that will allow network users to log into machines that are encrypted?

FileVault is good, but it only seems to work with local user accounts, which is no good.

Encrypting a disk from scratch is not ideal either, as I have some unencrypted 10.6 machines I will be upgrading and leaving intact.

Also, I would like something that has a console or something with which I can verify remote machines' compliance by showing auditors that they are encrypted.

Has anyone else had this issue and resolved it with a particular product?

Thanks
Rob

  • Linc Davis Level 10 (192,377 points)

    FileVault is good but it only seems to work with local user accounts which is no good.

    Why is it no good?

  • rannable Level 1 (20 points)

    Because I need a networked user to log in. FileVault is for local users; there is no option to add networked users.

    What I will have to do is create a non-admin local account, allow that to boot with FileVault, and give that password to the network users. They will then have to log in as the wrong user, log back out and then log in as themselves.

    Which is crazy, and I can't imagine why anyone would go for this.

  • Linc Davis Level 10 (192,377 points)

    No form of WDE is going to support pre-boot authentication over the network. You're asking for something that doesn't exist.

  • rannable Level 1 (20 points)

    Well, McAfee Endpoint Encryption does this, as do some of their competitors.

    For future reference, I have figured out a way to do it: by making network users "mobile" users and logging in as them, I can then choose those users to boot using their network passwords.

  • rannable Level 1 (20 points)

    (OK, it isn't pre-boot authentication, but it caches the network password)