FAQ - Device Encryption

Summary

Questions answered about management of an encrypted ECU-owned faculty/staff computer.

Body

Can a computer be repaired without decrypting it?

Can any active directory user log in?

Can I run a dual-boot Mac (BootCamp)?

Can I upgrade my Mac to the latest macOS without decrypting it?

How do I know the encryption software has been pushed to my laptop?

I have an iMac and Mac laptop, both encrypted. When I change my password on the iMac, how will I access my encrypted laptop?

If data is copied from an encrypted device to a network folder like PirateDrive, is the data still encrypted?

Is there a personal key?

What if my machine will not boot? How do I decrypt it for repairs?

What if the computer has multiple hard drives?

 

Can a computer be repaired without decrypting it?

No. The machine must be decrypted before any hardware repairs can be performed.

Can any active directory user log in?

Only after a reboot and once an authorized user has initially logged in.

After that the mac works normally until another reboot or shutdown when the login process must be done again.

Can I run a dual-boot Mac (BootCamp)?

No, encryption is not recommended for a dual-boot Mac (BootCamp), and therefore, is not supported by ITCS Desktop Support.

Can I upgrade my Mac to the latest macOS without decrypting it?

Yes, but be aware that the drive will be converted to APFS format. Remember to back up all data before the upgrade.

How do I know the encryption software has been pushed to my laptop?

Users will receive a notification that the software is ready to be configured.

Windows. There is also a new icon in the Windows systems tray – a black box with a key in the middle. The system tray is located in the lower right corner of the screen.

I have an iMac and Mac laptop, both encrypted. When I change my password on the iMac, how will I access my encrypted laptop?

You will need to use the old password or recovery key to unlock the drive on the Mac laptop until it is back on the ECU network and the password updates.

Can’t remember the old password? Contact ITCS to retrieve the recovery key from the console.

If data is copied from an encrypted device to a network folder like PirateDrive, is the data still encrypted?

No. Data is not encrypted if it is moved to a difference device, Piratedrive, OneDrive, etc.

Is there a personal key?

In general, ECU computers have been set up with a personal key that is stored in JAMF and only accessible to approved users.

What if my machine will not boot? How do I decrypt it for repairs?

If the computer cannot boot, then it cannot be decrypted for repairs. Therefore, you need to have a recent backup of your data.

It is strongly encouraged that departments provide Crashplan Pro backup software for users. Other storage options include Piratedrive network storage for sensitive information and OneDrive cloud storage for non-sensitive data.

What if the computer has multiple hard drives?

With multiple hard drives (i.e., mac pro), when one drive is encrypted, the others will ask for a password to mount it.

Details

Details

Article ID: 67151
Created
Tue 6/11/19 3:25 PM
Modified
Tue 6/11/24 9:36 AM
Service Owner
Desktop Technologies Support

Related Articles

Related Articles (1)

Supported options for department computers, printers and peripheral equipment like flash drives and servers.

Related Services / Offerings

Related Services / Offerings (1)

Request encryption be enabled for ECU-purchased computers, tablets, thin clients, USB hard drives and flash drives.