[FDE] IT support accounts on FDE secured computers

Ali, Saqib docbook.xml at gmail.com
Sat Aug 18 13:45:42 MDT 2007


On 8/17/07, SafeBoot Simon <hunt.simon at gmail.com> wrote:
> In my experience all the support users have their own unique accounts
> as well. Some laptops we deploy have over 3000 users assigned to them,
> support team, management teams, sometimes entire buildings worth of
> users.

Adding all users (or a lot of users) makes it hard to ensure the
confidentiality of the FDE protected computer. If "one" user's
password is compromised then "all" FDE protected computers are
vulnerable to unauthorized access. Plus it creates all kinds of audit
issues.

> As SafeBoot syncs user accounts, passwords and policies etc, it's no
> effort to manage.

Does SafeBoot have its own user database or does it rely on Active
Directory? If it uses AD, how does it sync passwords for "all" users?
What about the remote computers that rarely connect to the corporate
network? Their accounts will remain out of sync, and the computer will
be vulnerable to unauthorized access in case a password is
compromised.

