I've been running disk encryption with luks on my own laptops since I stopped using windoze years ago, and it can have multiple unlock key slots, both for yourself, and corporate IT. The only real deficiency is there isn't any centralized management for it natively, unless you're doing automation atop it with puppet, anisble, etc to rotate it with a script.
From there, I just run a non-trusted windoze vm if I just need it
as a visio hypervisor as usual, or I've found decent IT shops
usually offer some sort of corporate install options for vm. If
no other reason to have one, the mac users still always just have
to run fusion+windoze anyways for an office suite that doesn't
suck and other win-only enterprise garbage.
I did this last year working for a large network vendor on contract, as they required windoze, win-only vpn, certs, posture analysis, and a ton of other windoze-only software suites, but they provided a winpe build disk that ran inside vm, and poof, out came a corporate blessed image to run on about anything. Sadly It used so much ram by default, it actually ran better on my laptop or desktop where I could give it 12gb of my ram vs the crappy gimme laptop they handed me with 8gb. I had to build it in vmware as their iso checked, but then just converted it to virtualbox and ran it there.
Every time I would have to boot windoze for something, I'd just
figure out/plan/plot how to replace it eventually. Win admins
usually hate to see me coming their way, but I can always meet
their requirements to stay using linux. I'm still down to only
visio I simply haven't found a suitable replacement for yet.
On 10/17/2016 08:23 PM, Brien Dieterle wrote:
--------------------------------------------------- PLUG-discuss mailing list - PLUGfirstname.lastname@example.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss