Encryption

Discussions Best practice for shared laptops used for presentations

Encryption requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 5 subscribers
Views 8538 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best practice for shared laptops used for presentations

Stu_G over 10 years ago

Hi,

We have several laptops we loan out to users for presentational purposes, powerpoint mostly. Typically the laptops are loaned out for a day or so.

We have 100 users who potentially could loan out any of these laptops

It is obviously not feasible to add all users to all laptops..... and the laptops must be encrypted and POA invoked.

Given this scenario what would be best practice in terms of adding users to the laptop, given a days notice?

I really want to lessen the burden on the helpdesk too if possible.

Thanks

This thread was automatically locked due to age.

Parents

0 ChrisD over 10 years ago

Hi Stu,

have you considered rolling out so called <POA> accounts to the Pool of loan notebooks?

"After SafeGuard Enterprise has been installed and the SafeGuard Power-on Authentication (POA)
has been activated, access to endpoints to perform administrative tasks may be required. With
POA users, users (for example members of the IT team) can log on at the SafeGuard Power-on
Authentication on endpoints for administrative tasks without having to initiate a
Challenge/Response procedure. There is no automatic logon to Windows. The users logging on
with POA user accounts log on to Windows with their existing Windows accounts"

Please see Admin manual - chapter
19 POA users for SafeGuard POA logon (http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sgn_61_h_eng_admin_help.pdf) for full details

You could create a POA account group, distribute the account only to the loan machines and provide the machines with the static POA account to your users. They would have to enter the POA Account to be able to boot the machine and authenticate in Windows using their Windows Account credentials.

You could also centrally rotate the password for the accounts if required.

Regards,
Chris
:50182
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ChrisD over 10 years ago

Hi Stu,

have you considered rolling out so called <POA> accounts to the Pool of loan notebooks?

"After SafeGuard Enterprise has been installed and the SafeGuard Power-on Authentication (POA)
has been activated, access to endpoints to perform administrative tasks may be required. With
POA users, users (for example members of the IT team) can log on at the SafeGuard Power-on
Authentication on endpoints for administrative tasks without having to initiate a
Challenge/Response procedure. There is no automatic logon to Windows. The users logging on
with POA user accounts log on to Windows with their existing Windows accounts"

Please see Admin manual - chapter
19 POA users for SafeGuard POA logon (http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sgn_61_h_eng_admin_help.pdf) for full details

You could create a POA account group, distribute the account only to the loan machines and provide the machines with the static POA account to your users. They would have to enter the POA Account to be able to boot the machine and authenticate in Windows using their Windows Account credentials.

You could also centrally rotate the password for the accounts if required.

Regards,
Chris
:50182
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data