http://www.animefruit.com

Guys come check it out if you like anime at AnimeFruit.com

and I promise it’s totally pro.

gg,

heatgap/ho0d0o

Initially you do Whole Drive Encryption(WDE) with a password only the IT dept knows that I’ll call password01 for machine 01 and password02 for machine 02 and so on. Then you save the required ISO as a file someplace on your corporate LAN protected of course and backed up(DON’T forget that!). Next, allow the end user to change the TrueCrypt password to something that they know. This will change the encryption key that encrypts the symmetric key(that is not changed by a simple password change) that actually does the disk encryption/decryption. Now, if the end user forgets the password you can send them a CD(from the ISO) with the known password on it. You boot from that CD to then allow access to the previously locked drive.

Second tip that I use when I travel abroad with my WDE laptop. To keep from being compelled to give my password, you can change the screen that is offered at boot from the “dead give away” screen that tells you to enter your password to something more fun like “Missing Operating System” or some sort of STOP message. When the laptop boots you get only that prompt and you have to know that you need to type your password. Nothing you type will show on the screen even as asterisks. If you type the wrong password and press enter you get no feedback except that the computer does not boot, not even a CRLF. This allows me to freak out in front of the customs official about my dead laptop. There is probably some way to look at the boot sector to realize that it is waiting for something to be entered but at least the typical person is going to just feel sorry for you.

One final tip, don’t forget to whole drive encrypt your external drives. I bet more USB attached drives are left on airplanes, in hotels, and on board room tables than laptops and they frequently have very damaging data on them.

TrueCrypt doesn’t(to my knowledge as of v6.1) support the TPM on the newer laptops but it may not be necessary. I think that with Win7 BitLocker is going to become the corporate standard since it integrates nicely with TPM and AD and now allows encryption of external drives as well as blocking the writing to an unencrypted USB attached drive which is very cool.

Sorry for the rant but TC is one of my must have’s.

Rick

Have you heard or had to use PointSec PC (now called Check Point Full Disk Encryption)? It appears to be something designed or pitched towards corporate environments.

Snubs were indescribable annoying in the beginning just saying “what ever he said”. Matt looked at her weird @ 1:37
And as another post mentioned it was funny, in a private invading way, to see snubs’ illegal movie downloads. Remember winners don’t do warez, right?

This episode was fun to watch, but maybe not in the way you intended.

As far as TrueCrypt in a corporate environment, there is no central management, but using the method outlined in the user guide you can safely deploy TrueCrypt because you can always reset the password. Here is the excerpt from the manual:
“Note that these features can be used in a corporate environment to reset volume passwords in case a user forgets it (or when he/she loses his/her keyfile). After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can “reset” the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header backup (Tools -> Restore Volume Header).”

The show is still awesomeness. Keep up the great work.

PS: What to you think of ZFS?