Disk Encryption

ernstcs
Contributor III

Hello All,

I am wondering if anyone wishes to give recommendation to a disk encryption
product? I can't use file vault on our user accounts like I'd like to since
they are AD accounts.

I am aware of TrueCrypt and PGP as options, but if there are compelling
reasons to choose one over the other, or some other product not mentioned,
I'd like to know.

Thanks,

Craig Ernst
Systems Management and Configuration
+-------------------+
University of Wisconsin-Eau Claire
Learning and Technology Services
105 Garfield Ave
Eau Claire, WI 54701
Phone: (715) 836-3639
Fax: (715) 836-6001
+-------------------+
ernstcs at uwec.edu

8 REPLIES

Not applicable

Daniel,

We had the same issue present itself and had two different solutions; they both presented the exact same way, with the enrollment screen popping up on encrypted devices. The first was like yours, we use McAfee. They had us exclude PGP from the scanning. This helped with the most machines and is now a default policy. The second issue was resolved if we removed the user from the universal server, “just the user”, then had them re-enroll. This was the only thing that resolved the issue. We even sent them one of our devices that had this issue, and a copy of our database. See if that helps. Since making the exclusions a mandatory policy, we have only seen the re-enrollment issue 2-3 times, and deleting the user from the server, and having them re-enroll, has taken care of it for us. PGP had no real explanation for us, as to why this fixed it or what the root cause was.

Sean

bentoms
Release Candidate Programs Tester

We're soon to be looking at this, so this'll be of interest.

I noticed that there are a few extension attributes for these so hopefully someone has used these applications.

Ben Toms
IT Support Analyst GREY Group
The Johnson Building, 77 Hatton Garden, London, EC1N 8JS
T: +44 (0) 20-3037-3819 Main: +44 (0) 20 3037 3000 | IT Helpdesk: +44 (0) 20 3037 3883

ernstcs
Contributor III

Apparently Sophos will have a Mac product for SafeGuard Easy coming in
Aug/Sept timeframe as well...since I know some of you already deal with
them, like I do for AV.

jhalvorson
Valued Contributor

PGP has a centrally manageable full disk encryption solution for Mac. PGP
was recently purchased by Symantec. Not sure what changes are in the works.

GuardianEdge was planning to release a centrally manageable full disk
encryption solution for Mac this fall. GuardianEdge was recently purchased
by Symantec. Not sure what this means for their product plans.

I could be wrong, but I don't think Truecrypt offers a central management
tool for their product.

I too am looking into enterprise options for the Mac.

Jason

bentoms
Release Candidate Programs Tester

Hmmm... I'm guessing this can be managed from the Sophos console too? So may be a better way forward for us Sophos AV users.

Thanks for letting us know.

Regards,

Ben Toms

Not applicable

We are just wrapping up a project for disk encryption. We deployed PGP
through Casper on approx. 300 laptops. Most of the laptops are running
Leopard, some Snow Leopard, and a few Tiger OS's. We used the 10.0.1 client
for Leopard, and Snow Leopard, and the 9.12 client for Tiger. After some
initial hurdles with an early release of the product we were able to move
forward. There are some things to keep in mind, if you use this.

  1. It does not do pass-thru authentication. There will be a pre-boot screen
    that will require a password the user will create at the
    enrollment/encryption time. They are rumored to be looking at that some
    where in the future but it is not available right now.

  2. Half of our users are bound to AD, because they also use Windows PCs the
    keychain did get out of sync with some of our users. This was easily taken
    care of, just mentioning it so you are aware.

  3. It is VERY important that users keep power to the device while it is
    encrypting! If they need to move from room to room, or go home at the end of
    the day, and the device is not finished encrypting then they need to
    shutdown completely, and then, when they start the computer again they need
    to make sure it is plugged in again. They can not just close the lid, or let
    the power drain from the battery. The encryption takes place in the
    background so it will continue when restarted. But it needs power while
    encrypting. We had one client who just shut the lid, let the power drain
    overnight, next morning the device would not boot, not even to the pre-boot
    screen. (Note* We were able to recover his data)

  4. Encryption of any type will stress the hard drive. If you have devices
    that you know have older hard drives in them, you might want to replace them
    first. Other than the client I mentioned in #3, we had a total of 2 devices
    that had a hard drive issue. We did not catch it before hand, so we had to
    recover the data, and then replace the hard drive. So out of 300 we had 2
    have HD issues.

If you want any more info let me know.

Sean
-- Sean Gallagher
Sr. Platform Engineer
The Children's Hospital of Philadelphia
100 Penn Square East 7th Flr.
Phila, PA. 19107
267-426-2607


Not applicable

My department uses PGP to encrypt our fleet of Mac & Windows laptops. We
have a PGP universal server to centrally manage keys and enforce policies.
We're very happy with it. We're not managing or installing the software on
the Mac side via Casper at all (though it would be possible, at least in
terms of installation). PGP preferences are best managed via their universal
server product, but that certainly increases the price significantly. The
ability to centrally manage PGP policies, prevent decryption by faculty who
have admin access to their machines, and retain recovery tokens within IT to
decrypt/recover drives were the clinching factors. Also, don't forget that a
whole disk encryption solution may force you to rethink your
reimage/support/patching workflows.

Kristen Dietiker
Senior Computer Specialist
Department of Surgery
University of Washington

noah_swanson
New Contributor

We use PGP within our organization as well (Windows and Mac Platforms). PGP 9.9.1 with OSX 10.5.x works great! Our users encrypt their Time Machine drives for added security. PGP 10 with 10.6.x leaves much to be desired. It seems to be flaky when connecting to the keyserver, and encrypting external drives renders them useless. Our PGP contacts say they have "newer versions to test" but have yet to deliver. Hopefully we'll get these soon and I can test and relieve any other doubt.

Noah Swanson Imaging Specialist
Enterprise Desktop Services
Phone: 309-765-3153
SwansonNoah at johndeere.com