Good question. The way our team set it up was to use the Checkpoint option for "integrated windows authentication" so as not to impact the users too much. Also, when it's booting, if you hit both shift keys you'll get the menu of options but still need a pw to do anything. If you have any of the windows authentication pw you can get on the box. However if you boot it with a CD or other tool, you won't load the pointsec boot driver so you can't read the disk. You would have to have the pointsec boot driver on your boot device and the checkpoint pw.
Don K ________________________________ From: David Lum <david....@nwea.org> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> Sent: Wed, May 5, 2010 11:42:17 AM Subject: RE: Encryption “. It doesn't make the user input any passwords at boot time though” Really, then what’s the point? Is that because that’s how you configured it? Per their website “Check Point Full Disk Encryption provides the highest level of data security with multi-factor pre-boot authentication”. Inquiring minds… Dave From:Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Wednesday, May 05, 2010 9:29 AM To: NT System Admin Issues Subject: Re: Encryption We use Pointsec for PC from Checkpoint on the laptops here. Only the reload staff and the desktop engineering team have the password. So if you pull your own drive it's useless to you and if someone else gets it, it's useless. It doesn't make the user input any passwords at boot time though. Don K ________________________________ From:Angus Scott-Fleming <angu...@geoapps.com> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> Sent: Wed, May 5, 2010 9:11:10 AM Subject: Re: Encryption On 5 May 2010 at 8:12, ccoo...@aurico.com wrote: > We use TrueCrypt here on a couple removable drives and two laptops. For > the laptops, we have the entire drive encrypted. So when the user powers up > the laptop, they are prompted to enter in a password (right after the bios > loads). Once the password is entered in the OS loads and if the user forgets > or doesn’t have the correct password then the OS won’t load. With TrueCrypt the user can change the password. PGPdisk had a master password. I don't think TC does. How do you manage that at the corporate level? -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-895-3270 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~