After deployment of BestCrypt Volume Encryption (BCVE) on remote computers administrator can manage BCVE on client computers through BestCrypt Volume Encryption tab of Jetico Central Manager Console:
Jetico Central Manager Database receives and displays the following information from BCVE program running on the client computers:
Administrator of JCM Console can manage encryption policy on client computers using the following settings:
After Encrypt fixed disks option is set, BCVE on the client computer will ask the user to enter a password to encrypt the volumes. The encryption will start and will be performed in the background. For automatic encryption, BCVE uses AES encryption algorithm and XTS encryption mode. The process can be stopped, but it will be automatically resumed after 30 seconds or after reboot. As soon as the process starts, the user will have to enter the password at boot time.
NOTE: The automatic encryption may NOT start (or not resume) for the following reasons:
1. The client computer was not rebooted after installation.
2. The client computer is currently using the option Manage by local user.
3. BCVE main window has been opened on the client computer.
3. The client-server connection has been lost.
The option is available only for the computers for which Encrypt fixed disks policy is set. As soon as administrator sets this option, JCM Console will report it in the log file:
After that, if the client computer is ON, another report in the log file is expected:
If the client computer is OFF, it will receive the setting and send this report to the Console when it is turned on. After getting this confirmation from the client, boot-time authentication has been removed.
ATTENTION! The option Suspend protection exposes a security risk. For example, someone can turn off the computer, take it out of the company, turn it on again and get access to the data. Remember to turn the option OFF as soon as automatic reboot is not required anymore.
JCM Console can highlight the client computers that use individual settings by a different icon. To enable this function, set the option Highlight computers with individual settings for BCVE in menu.