> Active Directory集成的解决方案,可以同步域帐户和密码,以便单点登录到PC.如果可以将解密/加密磁盘访问权限委派给帮助台上的非域管理员,则此解决方案应允许Domain Admins访问任何加密驱动器并获得奖励积分.
>单独或以某种工作组模式在每台PC上运行的解决方案,允许使用单个主密码来解密笔记本电脑的驱动器.对于最终用户单点登录,与域用户帐户和密码同步也很不错.
解决方案必须可靠(例如,当用户被迫在路上更改其域密码时,不会丢失密码同步.)这是一个小商店,因此易于管理很重要.
由于最近的安全漏洞,这些权力可能会排除TrueCrypt,但出于问题的目的,我想听听它是否满足这些要求. BitLocker也是如此 – 由于缺乏升级Windows的愿望,可能会排除它,但我对它在Vista / Windows 7上的工作感兴趣.
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Using TrueCrypt Without Administrator Privileges
In Windows,a user who does not have administrator privileges can use TrueCrypt,but only after a system administrator installs TrueCrypt on the system. The reason for that is that TrueCrypt needs a device driver to provide transparent on-the-fly encryption/decryption,and users without administrator privileges cannot install/start device drivers in Windows.
After a system administrator installs TrueCrypt on the system,users without administrator privileges will be able to run TrueCrypt,mount/dismount any type of TrueCrypt volume,load/save data from/to it,and create file-hosted TrueCrypt volumes on the system. However,users without administrator privileges cannot encrypt/format partitions,cannot create NTFS volumes,cannot install/uninstall TrueCrypt,cannot change passwords/keyfiles for TrueCrypt partitions/devices,cannot backup/restore headers of TrueCrypt partitions/devices,and they cannot run TrueCrypt in portable mode.
.
07002,which means that anyone who wants to gain access and use the encrypted system,read and write files stored on the system drive,etc.,will need to enter the correct password each time before Windows boots (starts). Pre-boot authentication is handled by the TrueCrypt Boot Loader,which resides in the first track of the boot drive and on the TrueCrypt Rescue Disk.
域访问是在引导前登录之后.