Likewise, any disk reported bad by SMART goes in the shredder. Bad disks will fail the command, and you put those into the shredder. ATA Secure Erase, ATA Sanitize, and/or NVMe Secure Erase are the go-to for disks.

However, using a utility like BitLocker, found on Windows Vista, Windows 7 and Windows 8, you can set up a PIN or a password needed to unlock a hard drive. Some PCs (Dells come to mind) also have BIOS-level utilities which will do the work for you. BitLocker 'Standalone': Does not rely on an application to manage BitLocker encryption of drives.

The Mac will disable itself the next time it connects to the Internet.

For disposals, there are plenty of solutions out there which can be booted from USB or PXE, and log centrally to a server for compliance reasons.

TECHNOTE: MAINTAINING MICROSOFT BITLOCKER ENCRYPTION HEALTH WITH ABSOLUTE BITLOCKER DEPLOYMENT MODELS Most organizations will manage their BitLocker deployment using one of the three following methods.

If you have them enrolled into DEP, you can issue a firmware lock command as well as a secure erase command through your MDM.

If the drives lose power during this operation, the key to the data is already gone, and the drive will either become a brick permanently, or it will be bricked until it can finish the secure erase operation. Mechanical drives will need time, but self-encrypting ones will start off by discarding the encryption key.

Or you can have the asset be located and tracked, and display a warning up on the screen that the hardware is stolen.

For Secure Erase, SSDs can wipe themselves via Secure Erase in seconds by throwing away their own encryption keys and zeroing out the NAND. For example, set a system password and issue a Secure Erase command to the disk. If the machine is turned on AT ALL and connected to a network, regardless of the OS, it will phone home, and receive any commands you send it.
Make sure you are configuring BIOS passwords at a minimum to make it more of a headache to just walk off with an asset.

Business PCs will often support services like Absolute / LoJack. If you just want to trip BitLocker, clear the TPM. Generally speaking, you want a way to tell a machine to lock out and, if stolen, to erase itself.