1

I have a client with approximately 30 machines in a domain and each machine has Endpoint Encryption requiring a key to be entered at the machine keyboard each time the system is rebooted. These are Windows 7 Professional, Windows 8.1 and a few Windows 10 systems.

I would like to know if a technology such as Intel AMT (they are all Intel systems) would allow me to somehow enter that key remotely (they are in California and I am in Texas). AMT seems promising though perhaps restricted to specific functions...

If that won't work is there some way to divert it to an answer file with the encryption key as a temporary measure? The drive encryption product is Symantec. Happy to supply any information I've not thought of as pertinent.

Charles Mills
  • 111
  • 2

1 Answers1

2

IPMI is what you're asking about, but it's limited (at best) on most consumer and desktop hardware platforms. You'd probably have better luck buying 30 IP-KVMs.

For that matter, it sounds like the real solution would be to redesign your client's encryption architecture. It's not the 90's anymore, there's really no reason to rely on pre-OS passwords for full disk encryption. Bitlocker supports using TPM or external media for key storage to avoid this very problem. (I believe Symantec Endpoint Protection does too, for what it's worth.)

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208