> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
> On Behalf Of Edward Ned Harvey (lopser)
> 
> I don't recall the process from the top of my
> mind, but if you want, I can look it up.

A few months later, I have a Win7 Home laptop that I unfortunately have to
encrypt with TrueCrypt instead of BitLocker.  (I love BitLocker).  So this is
probably not useful anymore, but here is a copy of the process we use anyway:

Please install WinCDEmu in advance (and reboot)
Install TrueCrypt

To enable whole-disk encryption:
    Launch TrueCrypt
    System / Encrypt System Partition or Drive
    Normal
    Encrypt the windows system partition (not the whole disk)
    Single boot
    Default algorithms.  (AES and RIPEMD)
    Set password.  (Store someplace secure and reliable)
    After generating random stuff, it will notify you that it's going to create an ISO recovery disk.
        And it's going to launch the CD burner for you.
        If you don't want to actually burn the disc, you can just cancel the burn wizard.
        TrueCrypt will expect to read the contents back from an optical drive, to confirm it was burned.
        You can use WinCDEmu to mount the ISO, and validate the disc without burning.
    Before going any further, back up the ISO (Store someplace secure and reliable)
    Wipe mode:  None
    It forces you to do encryption pretest (which does reboot)
    You must enter boot password
    After pretest completes, and you log in again, encryption begins.

To change password:
    You must wait for the entire encryption process to finish before you can change password.
    Launch TrueCrypt.  Go to System / Change Password.

    Now the user can set their own TrueCrypt password, but if they lose it somehow,
    the IT staff can recover the system using the recovery ISO and the original password.

    Since it's annoying to enter login password twice at every system start, you may want to
    install Sysinternals, and use AutoLogon to automatically log in to Windows after the system boots.

To recover if the user password is lost or unavailable:
    Boot from recovery disk created earlier.
    Repair Options / Restore Key Data
        (Requires your old password)
    Now the volume password has been restored, and may be booted, using the old password.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/