Let me start this off by saying I've already evaluated and have planned to purchase SecureDoc Enterprise from WinMagic. However, due to billing issues (not price) I'm afraid I may not be able to make that purchase so I'm now scrambling to find a replacement product. I've got 7 news laptops coming in about 1.5 weeks and I need to deploy full-disk encryption on them.
I'm looking for something with the following features:
- Allows user to locally reset forgotten encryption password without requiring a rescue disk and without requiring network connectivity. SecureDoc uses security questions or an administrator assisted one-time key.
- Allows user to bypass Windows login by passing domain credentials to pre-boot login.
- Centrally managed and policy based.
It should go without saying that the product should have good security/encryption practices and not require a week of training for the admin or user.
Thanks!
edit: I found out that I can purchase the software through Softchoice rather than having to go direct. It's a little unfortunate that the sales person at WinMagic didn't tell me I could go through a reseller even though he knew I had a billing issue. The issue is that they do not accept American Express and we felt their credit app form asked for too much information.
PGP Full Disk Encryption may work for you.
BitLocker is built into Windows 7. Using the Laptop's TPM you wouldn't need a password to unlock the disk, the user would login to Windows with their standard domain password. You can use GPO to store recovery keys in AD; recovering a locked disk would require an admin to get the key from AD (though this should not be a problem anyway). It's what we use internally.