/build/static/layout/Breadcrumb_cap_w.png

Patching/Rebooting Laptops with Pre-Boot Authentication/Encryption?

Hey there,

I was wondering if anyone had any good solutions for automating software patching of PCs with disk encryption and pre-boot authentification, since rebooting means someone has to be at the PC to enter in a password each time the PC boots up.

For our in-office desktops we have an overnight schedule which patches and reboots PCs as needed.

All our laptops have Truecrypt disk encryption with pre-boot authentification, so if KACE had to reboot the PC any number of times, the laptop would get stuck at the Truecrypt pre-boot password screen. We would tell our users to dock their laptops overnight every once in a while, but patching would still get stuck at pre-boot for an encryption password.

I was wondering if anyone has found any other encryption software that is patch/reboot friendly, or if there's a way to keep Truecrypt with pre-boot auth and automate the patching/reboot process.

Thanks,

Greg


0 Comments   [ + ] Show comments

Answers (1)

Posted by: SMal.tmcc 11 years ago
Red Belt
1

use the command line

http://www.truecrypt.org/docs/?s=command-line-usage


Comments:
  • thanks, but how would I do this? I understand that there is an option to "Mount partition using system encryption without pre-boot authentication," but this only seems to work if I am booted in another operating system and need to mount a partition with pre-boot auth from this other operating system. (e.g. If I booted into Linux and wanted to mount a Windows partition that normally has pre-boot auth.)

    Am I missing something? How would I use command line to help me with this if I'm trying to mount the drive at boot without pre-boot auth? Would I have to run Truecrypt off its own unencrypted partition at boot and then mount the encrypted drive without preboot auth? - ghum 11 years ago
    • You will need to get the OS running then issue the command to mount the truecrypt partition. - SMal.tmcc 11 years ago
      • Just to clarify: I only have a single Truecrypt-encrypted w/PBA and a single OS (Win7) on these laptops. Ultimately, I want to be able to let KACE run updates in windows, then reboot and boot back into the same windows drive to complete updates.

        I tried to mount the system drive without PBA within TC while booted into windows and got the notification that I couldn't "mount without PBA for a drive that's currently the system drive."

        If I'm hearing you correctly, are you saying I need to

        1. Boot into windows normally and issue the command in truecrypt to run at boot? Then let the computer reboot without PBA? How would I do this?

        OR

        2. are you saying I would need to have a separate partition with a separate OS running Truecrypt to mount without PBA.

        thanks for you help - ghum 11 years ago
  • Sorry did not realize you encrypted everything. we only encrypt a second partition - SMal.tmcc 11 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ