Resolve the known issues in FDE.
The Recovery Console for FDE 3.0.7 shows the following error:
FDE Recovery Console has detected that an invalid key has been received from the PolicyServer. Please verify that the correct PolicyServer address has been specified. If this error still persists, please contact your system administrator.
This issue is due to the Recovery Console having problems with dual core processors. Version 220.127.116.11 of FDE will not allow the machine to enter a black screen state. If a bad disk diagnostic occurs, it warns the user and stops the Recovery Console from continuing. At this point, Administrators or Authenticators are instructed to use the FDE Utility CD.
As a workaround, the Administrator or Authenticator may enter the BIOS and change the processor to single instead of dual. This allows the Recovery Console to function properly.
This issue occurs because the functionality to support make/model X has not yet been added to the FDE pre-boot.
To resolve the issue, upgrade to the current production build of FDE. If the issue still persists, contact Trend Micro Technical Support.
Once the user has authenticated to the device, initial encryption begins. A typical machine (Pentium 4, 60GB HD, 1GB RAM) encrypts in approximately two (2) hours. The user notices some system degradation during the initial encryption process. However, the degradation does not prevent the user from performing normal tasks.
When encryption is complete, the user notices no performance impact. The on-the-fly encryption/decryption process takes less than 100 milliseconds to complete. Therefore, the user does not notice any delay in decrypting or encrypting a file during normal use.
Currently, FDE encrypts the primary drive only. Slave or secondary drives are not encrypted. FDE encrypts all partitions of a drive and there is no limit to the number of partitions that can be created.
If unallocated space is allocated after the initial encryption is completed, FDE automatically encrypts the newly allocated space after the next reboot.
The following instructions will assist you in setting up an FDE-equipped machine designated as a shared resource in a company.
- Ensure that the CanOnlyBeInOneGroup policy is set to "No" for all users.
- Create a Top Group and name it, e.g., Shared Resource.
- Set the following policy within the group: Login > DomainAuthentication = No.
- Create a user at the Enterprise level.
- Add the new user to the Shared Resource group and make it a Group Administrator or Authenticator.
- Install FDE for Windows, as a Group Administrator or Authenticator, on the device that is to be shared.
- Add all users intended to access this device to the "Shared Resource" group.
- Assign the users a group One-Time Password.
Users can now log in to the shared resource using the assigned One-Time Password. Users must log in to FDE at least once while connected to the network to use this shared resource. If a user does not, then that user will not be able to access the shared resource.