Taking Control of Unmanaged BitLocker Computers
You can take over BitLocker-encrypted computers that are not managed by SmartEndpoint and make them centrally managed. You can do this using either BitLocker Management or Check Point Full Disk Encryption (FDE). SmartEndpoint is a Check Point GUI application that connects to the Endpoint Security Management Server to manage your Endpoint Security environment: to deploy, monitor and configure Endpoint Security clients and policies. Full Disk Encryption is a component on Endpoint Security Windows clients that combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops.

Define and install a Full Disk Encryption policy with BitLocker Management. Follow the procedure in Configuring a BitLocker Encryption Policy, with these guidelines:
- Define a Full Disk Encryption rule with Applies To set to either the Entire Organization or only the entities that need BitLocker Management. (Rule: a set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.)
- In the properties of the Use BitLocker Management action, select Windows Default as the Encryption algorithm.
This is important because it leaves the existing BitLocker encryption in place. Selecting another algorithm explicitly may result in a re-encryption if the existing algorithm does not match the algorithm in the policy. It is a good idea to avoid re-encryption because it can take a long time. The time it takes depends on the disk size, disk speed and PC hardware.
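A pre-takeover inventory makes the algorithm point above concrete. The following is an added example, not Check Point code: it classifies volumes by comparing the existing BitLocker method to a policy choice. The function name, the `$PolicyMethod` parameter (written as a Windows `EncryptionMethod` name, with `WindowsDefault` standing in for the Windows Default option) and the name-based comparison are assumptions; the sample records are constructed.

```powershell
# Added example: classify BitLocker volumes before a takeover.
# Get-TakeoverReadiness and $PolicyMethod are hypothetical names. Comparing
# methods by name is an assumption that mirrors the text above; it is not
# the Endpoint Security client's own logic.
function Get-TakeoverReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Volumes,
        [string] $PolicyMethod = 'WindowsDefault'
    )
    foreach ($v in $Volumes) {
        $method = [string]$v.EncryptionMethod
        $status = [string]$v.VolumeStatus
        $outcome = if ($status -ne 'FullyEncrypted') {
            'Not fully encrypted: review manually'
        } elseif ($PolicyMethod -eq 'WindowsDefault') {
            'Existing encryption left in place'
        } elseif ($method -eq $PolicyMethod) {
            'Matches policy: no re-encryption expected'
        } else {
            'Mismatch: re-encryption possible'
        }
        [pscustomobject]@{
            MountPoint = $v.MountPoint
            Method     = $method
            Status     = $status
            Outcome    = $outcome
        }
    }
}

# Constructed sample records shaped like Get-BitLockerVolume output.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; EncryptionMethod = 'XtsAes128'; VolumeStatus = 'FullyEncrypted' }
    [pscustomobject]@{ MountPoint = 'D:'; EncryptionMethod = 'Aes256';    VolumeStatus = 'FullyEncrypted' }
    [pscustomobject]@{ MountPoint = 'E:'; EncryptionMethod = 'None';      VolumeStatus = 'FullyDecrypted' }
)

# Compare the sample against an explicit algorithm choice.
Get-TakeoverReadiness -Volumes $sample -PolicyMethod 'XtsAes256' |
    Format-Table -AutoSize

# On a live client, from an elevated session:
#   Get-TakeoverReadiness -Volumes (Get-BitLockerVolume)
```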

Follow the procedure for taking control of unmanaged BitLocker computers using BitLocker Management.
After the computers are under Check Point BitLocker Management, define a rule with Check Point Full Disk Encryption with Applies To set to either the Entire Organization or only the entities that need Check Point Full Disk Encryption. Follow the procedure in Configuring a Check Point Full Disk Encryption Policy.
Best Practice - When you change the encryption policy for clients from BitLocker Management to Check Point Full Disk Encryption, the disk on the client is decrypted and then encrypted. This causes the disk to be in an unencrypted state for some time during the process. We recommend that you do not change the encryption policy for the entire organization in one operation. Make the change for one group of users at a time.