• Status: Solved
  • Priority: Medium
  • Security: Private
  • Views: 75
  • Last Modified:

Software that can encrypt the laptops without TPM modules

Hi

We have GDPR and I have been asked to encrypt staff laptops. We are using windows 7 enterprise. The idea is if the laptop is lost or stolen, the person who gets the laptop must not be able to recover the data from the laptop Hard disk.

The laptops that we have does not have TPM module. We have found a way of setting up bit locker and here during the setup process, the encrypted key corresponding to the laptop is copied to a USB stick and whenever the laptop is booted the USB stick must be inserted into the laptop to authenticate and boot into windows.

This method will not be suitable for uses, they can lose the USB stick, it will be difficult for them to carry this with the laptop and if they keep the USB in the laptop bag and if the laptop bag is lost, the data can fall into wrong hands.

Please let me know if there is any other way around or any software that can encrypt the staff laptops.
Thanks
Any help will be great
0
lianne143
Asked:
lianne143
7 Solutions
 
Kent WSr. Network / Systems AdminCommented:
VeraCrypt, the continuation of TrueCrypt, can encrypt whole partitions or drives. System encryption is the most secure.
It simply ask for a password at boot up, and you can create a rescue disk just in case that pass is ever forgotten.

https://www.veracrypt.fr/en/Home.html
1
 
McKnifeCommented:
Set a password for bitlocker and that's that.
0
 
nociSoftware EngineerCommented:
bitlocker without TPM?....
Any be sure laptops are shutdown, and not put on standby while on the move,,,, Otherwise the system will never have the data at  rest...
(And that is why you would want to encrypt).
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
nobusCommented:
look also at the Jetico products :  https://www.jetico.com/data-encryption
0
 
McKnifeCommented:
"bitlocker without TPM?...." - yes. Lianne has already activated the setting to allow that, else she wouldn't be allowed to use a USB drive  for unlocking. So now simply change that to a password in "manage bitlocker".
0
 
lianne143Author Commented:
Hi McKnife

Will the BitLocker  for Windows 7 enterprise work for password only. I am planning to set up the BitLocker in Windows 7 and save the encryption keys in the AD, so that if the user forgets the password , I can recover them from AD.
Thanks
0
 
McKnifeCommented:
Yes, passwords for bitlocker OS drives were introduced in win7 already.
0
 
lianne143Author Commented:
Thanks Mcknife

Please post tutorials as how to set up bit locker on Windows 7 enterprise  with the recovery keys saved to Active Directory
0
 
McKnifeCommented:
That's this GPO: Do not enable BitLocker until recovery information is stored in AD DS
See https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions#bkmk-keymanagement
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now