I disagree with John (it's not uncommon for John and me to have different opinions, as we've approached FDE from different but mostly equally valid angles for many years. John works for Utimaco, I work for SafeBoot).

In my experience most admin one-time overrides are handled by the admin simply having their own account. One-time access, C/R etc. is usually only required when:

1. The admin doesn't have an account on the machine
2. The FDE solution doesn't have the capability to support enough users in the pre-boot environment.

If you imagine a product which, for example, only supports 10 or so pre-boot users, you can see that having a general shared key override is necessary. Luckily most vendors seem to be moving away from this limited style of environment.

I particularly hate the idea of shared keys/passwords - it reminds me too much of common BIOS passwords which, within days, everyone from the cleaner up seems to know.

On Aug 20, 3:27 pm, "john.veldhuis" <[EMAIL PROTECTED]> wrote:
> Hi Saqib,
>
> There are several ways of doing this, ranging from logon tokens for IT staff,
> via C/R to allow a technician one-time access to a drive, to selfhelp
> websites/voice recognition systems. In my experience, the C/R is most used.
>
> Regards,
> John
>
> ________________________________
>
> From: Ali, Saqib [mailto:[EMAIL PROTECTED]
> Sent: Fri 17-8-2007 17:09
> To: [EMAIL PROTECTED]
> Subject: [FDE] IT support accounts on FDE secured computers
>
> As it turns out, deploying FDE to users is not the most complex task -
> providing day-2-day IT support is.
>
> My cousin works for a medium sized financial institution which
> recently deployed FDE. Providing day-to-day IT support to the users is
> becoming a hassle. Every time the IT support person has to work on a
> laptop the owner must be present to enter their credentials into the
> pre-boot authentication.
>
> Can anyone give me some real-world examples of how other institutions
> have tackled this issue? How do they allow the IT support person
> to work on the laptop if the user is not present and the laptop is
> turned off?
>
> saqib
> http://www.linkedin.com/in/encryption
>
> _______________________________________________
> FDE mailing list
> [EMAIL PROTECTED]
> http://www.xml-dev.com/mailman/listinfo/fde
