Full-Disk Encryption

Not applicable

Is anyone out there using an FDE product with Macs that frequently change users? What products are you using, and would you recommend them?

We have been using CheckPoint, but we have relatively few Macs; each department is assigned some number of Macs, and it's up to the department to decide where they go and who uses them. This has created an administrative nightmare, as CheckPoint doesn't allow any new domain users to log in until I have personally added that user (and the user has to be present to set the password, too). This is clearly not acceptable in our situation, so I'm hunting for alternatives. I checked out Sophos, but it looks like their product is significantly less manageable than CheckPoint's. Does anyone know of a reasonable solution to this? (Management is insisting that all the laptops have FDE set up, so FileVault or similar is not an option.)

It's also a huge pain to try to manage computers that won't boot without someone physically present. I dread pushing any updates that require a reboot, partly for this reason. CheckPoint and Sophos both fail in this regard. Another consideration is anti-theft measures. I'm currently investigating options for this, but no such solution will make any difference at all if the computer won't at least boot to a login screen without authentication.

Ideally the solution we choose would be entirely transparent to the user; no pre-boot login or anything like that. It should boot to a regular login screen where any valid user can log in ("user" is defined by the OS, not by a separate database). Central management would be helpful, but not required; ditto remote unlock for guests.

I should also mention that we use CheckPoint on our PCs, and it provides all of this (except possibly remote unlock). Their Mac version does not, however.

2 REPLIES

Not applicable

Does it work with accounts that don't yet exist locally?

I don't have access to Lion yet, I'm afraid. It'll probably be a major project to upgrade when it comes out.

bentoms
Release Candidate Programs Tester

I would test it, but my 2011 MBP is too new for the newest dev preview. (!!)

Regards,

Ben.