Home

Results 1 to 3 of 3

Thread: Simple ZENworks FDE

Hybrid View

  1. #1
    Join Date
    Aug 2015
    Posts
    8

    Question Simple ZENworks FDE

    Hello,

    Slowly getting to know ZENworks offered encryption possibilities.
    So in testing process arose few question about ZENworks encryption.

    First let's see what have I done so far:

    1) FDE without PBA user:
    FDE applied on computer HDD. Encryption process encrypted HDD.
    When Windows OS loads, it decrypt HDD and user can log into local user.
    User does not even know, that there is FDE enabled on there computer....
    2) FDE with PBA user:
    I create FDE policy, where i can indicate what PBA user should be:
    Example: Username Janis_Abolins, Password *********
    User cant change those authentification crendentials.
    Everytime user needs to point those crendentials, before he can load Windows OS and log into computer.
    3) FDE with PBA user+capturing
    When FDE is applied on computer, it restarts system.
    When local user logs in, ZENworks encryption agent creats(Capture User) from those crendentials PBA user.
    If my local user was Janis_Abolins with pasword 1234qwer, it creates PBA user Janis_Abolins with password 1234qwer.
    Password syhronisation happens, when local user changes password:
    *After password for local user is changed, you need to restart pc.
    *At Pre-boot login screen you will need to use old PBA user password.
    *Then log into local user with new password.
    *Then ZENworks encryption agent sync passwords.

    Q:
    How secure is simply encrypted HDD with ZENworks FDE without PBA user? Try to mount HDD to other system - It shows file system is not recognize and asks to formate HDD. But is it secure enough?

    Is it possible to make ZENworks encryption agent synhronize passwords between PBA user and Local User in process when local user changes his local user password? Whitout restarts, relogins etc...

    What exactly is writen down in ERI file? Hardware id?

    Best Regards,
    Janis Abolins

  2. #2
    Automatic reply NNTP User

    Re: Simple ZENworks FDE

    AbolinsJanis,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    These forums are peer-to-peer, best effort, volunteer run and that if your issue
    is urgent or not getting a response, you might try one of the following options:

    - Visit http://www.novell.com/support and search the knowledgebase and/or check
    all the other self support options and support programs available.
    - Open a service request: https://www.novell.com/support
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    - You might consider hiring a local partner to assist you.
    https://www.partnernetprogram.com/pa...nder/find.html

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php

    Sometimes this automatic posting will alert someone that can respond.

    If this is a reply to a duplicate posting or otherwise posted in error, please
    ignore and accept our apologies and rest assured we will issue a stern reprimand
    to our posting bot.

    Good luck!

    Your Novell Forums Team
    http://forums.novell.com



  3. #3
    Join Date
    Feb 2008
    Location
    Raleigh, NC
    Posts
    6,663

    Re: Simple ZENworks FDE

    Quote Originally Posted by AbolinsJanis View Post
    Hello,

    Slowly getting to know ZENworks offered encryption possibilities.
    So in testing process arose few question about ZENworks encryption.

    First let's see what have I done so far:

    1) FDE without PBA user:
    FDE applied on computer HDD. Encryption process encrypted HDD.
    When Windows OS loads, it decrypt HDD and user can log into local user.
    User does not even know, that there is FDE enabled on there computer....
    2) FDE with PBA user:
    I create FDE policy, where i can indicate what PBA user should be:
    Example: Username Janis_Abolins, Password *********
    User cant change those authentification crendentials.
    Everytime user needs to point those crendentials, before he can load Windows OS and log into computer.
    3) FDE with PBA user+capturing
    When FDE is applied on computer, it restarts system.
    When local user logs in, ZENworks encryption agent creats(Capture User) from those crendentials PBA user.
    If my local user was Janis_Abolins with pasword 1234qwer, it creates PBA user Janis_Abolins with password 1234qwer.
    Password syhronisation happens, when local user changes password:
    *After password for local user is changed, you need to restart pc.
    *At Pre-boot login screen you will need to use old PBA user password.
    *Then log into local user with new password.
    *Then ZENworks encryption agent sync passwords.

    Q:
    How secure is simply encrypted HDD with ZENworks FDE without PBA user? Try to mount HDD to other system - It shows file system is not recognize and asks to formate HDD. But is it secure enough?

    Is it possible to make ZENworks encryption agent synhronize passwords between PBA user and Local User in process when local user changes his local user password? Whitout restarts, relogins etc...

    What exactly is writen down in ERI file? Hardware id?

    Best Regards,
    Janis Abolins

    While PBA adds another layer of Encryption, it should still be considered secure without it.

    No, the Passwords are synchronized during the logon process.

    The ERI file is used to help recover the system in the event of some type of OS Failure or possible other scenario. The ERI file cannot be used between systems. Only the most recently generated ERI file is usable to recover the system.
    The ERI files cannot be manually generated after the fact to attempt to recover a system if one does not have the most recent one.
    --
    Any Opinions, Thoughts, Solutions, or Blog Entries are my own and may or may not be shared by Micro Focus or any Sane Person
    Please Use at your Own Risk.

    Blog - https://forums.novell.com/blog.php/5830-CRAIGDWILSON

    https://ideas.microfocus.com/mfi/novell-zcm

    Want to Turbo charge your apps and put an end to compatability issues?
    https://www.microfocus.com/products/...top-containers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •