2020 July 22 - enabling/enforcing drive encryption on desktop systems

Short summary:


We're going to start encrypting most desktop machines in much the same way we do laptops. You don't need to do anything. :)


Details:


Some time ago we began enforcing campus disk encryption requirements on PC and Mac laptop devices. With many desktop machines now sitting in unattended offices, we're going to start encrypting most of them as well.


I'm shortly going to enable automatic encryption on desktop Windows machines which are joined to the campus domain. If you're using the machine, you may get a popup telling you that encryption is going to start - you can simply click OK; the encryption will take place in the background and you can keep working normally.


Desktop Mac systems will be slightly more complicated; we'll be enabling the policy on them more gradually.


In both cases this will generally be invisible to the end-user - you won't need to enter a special password at boot and you shouldn't notice any performance changes since the encryption is handled by a dedicated portion of the system processor.


For machines which are encrypted by this method, we will maintain an emergency recovery key so data can be recovered if something goes wrong on the machine. If you ever get a blue "BitLocker recovery screen" after performing maintenance, contact SSCF and we can provide the recovery code.


NOTE: If your system is "dual boot" (switches back and forth between Windows and Linux), you might need to change the way you start up. (Booting Windows from the "grub" boot menu may no longer work on some systems, but choosing Windows from the EFI/BIOS boot menu should work as before.)


Please get in touch with us if you have any questions.


-tgr



--

Tom Guptill Russo

IT Director, Arts & Humanities Dean's Office

Director, Social Sciences Computing Facility

University of California, San Diego