Encrypting and Using Your Encrypted Computer

Per UNT policy and best practices, we encrypt all CAS IT-managed laptops.  Users with UNT laptops we do not maintain must also encrypt their laptops.

Encrypting information renders it near useless to thieves and protects our clients, students, employees, and intellectual properties because:

  • Data, in the traditional plural and abstract sense, do not convey meaning.
  • Information happens when data convey meaning to you, including confidential and/or sensitive stuff like:
    • Clinic, donor, and student identities and related matter
    • Employee identities and evaluations
    • Proprietary secrets
  • Encryption software enables you to mask information as data and unmask data into information
The processes outlined below only encrypt the internal hard drive and will not alter removable drives and cloud (server) drives--so continue to safeguard those items! Jump to:

Dell PC (Windows)

Do the following to check drive encryption status:
 
  1. Press: Ctrl+Esc
  2. Type: C:
  3. Press: Enter
 
While encrypting, you should see a padlock on top of the drive icon and a red bar progress noting limited free space available, similar to the following:
 
When done encrypting, you should see a padlock on top of the drive icon, similar to the following:
 
 

Enable Encryption

  1. Back-up all local, original work for all people who use this computer such as desktop files, bookmarks, "My Documents" files:
    • Consider copying the data to a removable "thumb" or "flash memory" drive
    • Consider trying out our new Windows back-up solution
    • Secure your backed-up information from theft
  2. Bring your computer to campus on Wednesday
  3. Get all updates:
    1. Attach it to power because encrypting requires a lot of energy
    2. Attach it to the wired network so our systems can talk with each other
    3. Leave it running overnight and through Thursday so our systems can find, schedule, and update your computer (see notes below)
  4. By Friday, the system should work as noted in the next section.
Notes:
  • Testing shows it takes six to twelve hours to encrypt an entire computer.
  • Encryption requires a lot of processing so expect it to run very slowly during that time and use a lot of energy.
  • Testing shows you may close the lid or "sleep" the computer at any time to pause the encrypting process.  Upon awakening the computer, the encrypting process automatically resumes.
 

Use your encrypted computer

Once you enable encryption, the computer should work almost identically to the way it did previously, although just a tad more slowly.
 
Our research showed that, without an additional PIN, encryption was practically useless and the technology does not currently allow the use of your current login and password (sigh).  Therefore, you must learn the new PIN:
 
  1. Login to this web site
  2. Visit the PIN web page
 
When you close/open a laptop lid, the computer goes to "sleep," slipping into a very low (but still "on") power-consumption mode.  Using the computer in this state remains the same.
 
Sometimes, when you turn off the power or the battery runs out, you turn on the computer from an "off" state, and that's when you get the new boot process:
  1. Boot your computer as normal
  2. Enter your PIN (see above) at the following screen:
  3. Use your computer as normal

Resolve Problems

Apple Mac (OS X)

 
If you got your computer before April 8th, 2015, you must spend some time to encrypt it before using it.
 

Enable Encryption

We discourage encrypting Apple Mac OS X computers remotely, so that we can ensure data integrity throughout the process.  We can however enable encryption remotely if you maintain your own backups and the risk of data loss is acceptable, the risk is very low however.

You should:

  1. Contact our Service Desk to:
    • Schedule a time to drop off your computer for a couple workdays.
  2. Back-up all locally-stored, original work.
  3. Bring your computer to GAB 313 with power cable

Once we have your computer, we plan to:

  1. Back it up as a courtesy (you remain responsible for local data!)
  2. Install the encryption software
  3. Encrypt the system

Use your encrypted computer

 
Upon boot, the new login screen displays people who may decrypt (unlock) the computer and login.
The computer should work as normal, though perhaps a tad more slowly.
 
Remember this: The next time you change your password, it may take 24 to 48 hours before your computer recognizes the change--just use the old password for the initial login screen and, if prompted again, use your new UNT password.

Resolve Problems

 

Getting Access When You Forget the Password

 
If you forget your password:
  1. Have another person (listed in the initial login screen) unlock the computer.
  2. Login to your account.
 
If that doesn't work, bring the computer to CAS IT and we can unlock it and enable you to use it again.
 

Exceptions

In some cases, encryption may cause substantial harm or pose unsuitable risk.

For such cases:

  1. CAS IT may independently determine or the user should provide CAS IT with:
    • Reason why encryption may pose substantial or unsuitable risk
    • Asset number for every laptop that falls under that justification
    • Exception term (e.g., until May 2017)
  2. If CAS IT staff agrees, CAS IT staff will submit a ticket to UNT System IT Security with the above information.
  3. If UNT System IT Security agrees, they will authorize CAS IT staff to implement the exception.