- What version of SecureDoc does this FAQ cover?
- Why do I have to have Full Disk Encryption?
- How does Full Disk Encryption work?
- Will Full Disk Encryption work on my computer?
- Should I do something to prepare for Full Disk Encryption?
- How do I get Full Disk Encryption?
- Can I work while my computer encrypts?
- Can I turn my computer off while it is encrypting?
- Can I install the encryption client on my personal computer?
- Can the installation be run from off campus?
- Once my computer is encrypted, what will change?
- I share a computer with other people. Can my computer still be encrypted?
- My computer has been encrypted. How do I change my password?
- I changed my password and now I’m unable to log on at the encryption screen. What do I do?
- My computer has been encrypted, but I forgot my password. What do I do?
- I receive an error message when I log on to my computer. What does this mean?
- How do I get a user added (or removed) from an encrypted computer?
- Is my computer protected if I put it into hibernation mode?
- My computer was lost or stolen. What do I do?
- How do I uninstall the encryption software from my computer?
- Do I need to encrypt my virtual machine on my computer?
- How can I request an exception to Full Disk Encryption?
- How do I transfer a computer from the current user to a new user?
- Will WinMagic’s SecureDoc encryption slow down my computer?
- Is it the individual files, the hard disk or the computer that is encrypted?
- Is there any software program known to interfere or not work with this encryption? Which ones?
- How do I back up my files to another hard disk? Does the back-up disk need to be encrypted? How?
- Does the encryption software need to communicate with a server to work? That is, can I turn on and use my computer in an area with no internet access?
This FAQ is for Windows and OS X computers.
Continuing the work begun by the Identity Theft Prevention Task Force of 2011, encryption of sensitive data will improve its protection and reduce risk of loss. Should a computer be lost or stolen when the hard drive is encrypted, the data is inaccessible and the risk of loss practically eliminated.
Full Disk Encryption is performed using software or hardware that encrypts everything on a computer hard drive (including the operating system). You will use your user name (ID) and password to unlock the hard drive for normal, full access. You will normally enter your ID only once during the startup process. Management of encrypted computers is performed centrally.
The encryption client software will run on Microsoft Windows and Mac OS X operating systems. Linux versions are also available.
Technology Services recommends:
- Joining your machine to the Active Directory domain, if possible (this is the default for most users).
- Make a backup of your data.
- Make sure the computer is up to date with all patches and drivers.
- Turn off sleep options and keep your computer plugged.
If you have questions or concerns about any of these items or how to perform/check them, contact the Service Desk at x2662.
Technology Services personnel will initiate the process for you. You will be notified that the process is about to be initiated and if action on your part is needed. If you have questions, please call the Service Desk at x2662.
Yes, you can continue to work. Turn off sleep options if you are leaving your computer to encrypt while you are away. During sleep, encryption is stopped along with all other common processes.
If necessary, you can restart or power down your machine, and the encryption process will resume when the machine is restarted. It will complete more quickly if the process is allowed to run uninterrupted.
No. Licenses are available only for Samford University–acquired computers.
Parts of the installation require connection to services that are only accessible on campus. If encryption is in process and the machine is taken off campus, it will continue (when powered on and running), but the process will not complete until the machine is back on campus.
On Windows machines, during startup you will be presented with the SecureDoc logon screen. Simply enter your ID and password and your computer will boot as normal. After encryption, you will not normally see the Windows login screen; SecureDoc will satisfy its login requirements. Encrypted Macs do not present a SecureDoc logon screen.
Yes. The machine is encrypted even if other accounts are on the machine. However, each user must have their ID associated with the computer. When a computer is initially encrypted, only the ID of the person used during initial encryption is granted access. When others log in while the computer is on campus network, the account is added to the machine.
Use the pwchange process to change your password, which is our standard program for all password changes..
Password changes using pwchange are normally effective in SecureDoc also. If you are having problems, please contact the Service Desk at x2662.
Contact the Service Desk at x2662 for assistance with changing your password.
The message is informational to notify the user that someone has tried to access their computer. If you know you made those errors, there is no issue. However, if you did not, you may want to contact the Service Desk at x2662 to discuss it.
Contact the Service Desk at x2662.
Hibernation mode is prohibited and disabled on Samford-provided computers.
Regardless of whether your computer was encrypted or not, you must contact the Service Desk at x2662. If the computer was stolen, you should also contact Samford University Public Safety at x2020.
You must not attempt to uninstall the encryption software. All attempts to remove the encryption software from your computer may render it unusable. If you have further questions, please contact the Service Desk at x2662.
No. You only need to encrypt the hard drive. A virtual machine in a file is encrypted along with everything else in the partition. For OS X, encryption of a separate boot partition on a computer is not supported. If you have further questions, call the Service Desk at x2662.
If you believe an exception is necessary, contact the IT Security & Compliance office in Technology Services.
Contact the Service Desk at x2662 to initiate this process.
From our testing, some Windows systems have been impacted during the encryption process, which is a one-time operation. That time may be seconds for Self-Encrypting Drives (SEDs) to several hours for software encryption. Once the initial encryption is complete, noticeable performance difference is not likely.
The hard disk is encrypted.
Samford uses SecureDoc software encryption or Self-Encrypting Drives (SEDs) for Windows computers and Filevault2 for OS X computers. You should not attempt to use another disk encryption program. All are managed in the SecureDoc management system. If you have any questions regarding encryption, or use of particular utilities like DeepFreeze, call the Service Desk at x2662 for guidance. In general, programs that modify the computer boot record are likely to create conflict with encryption operations.
Copying files from an encrypted disk works the same as an unencrypted disk. However, please be aware of University Records Management Policy 1.27 regarding placement of university data. Please refer any questions to the Service Desk at x2662.
Communications with the central server is required during initial setup. Occasional connection to the server keeps management information in sync. Your computer does not have to remain connected for encryption to continue to operate normally.