ZENworks Full Disk Encryption protects a device’s data from unauthorized access when the device is powered off or in hibernation mode. To provide data protection, the whole disk or partition is encrypted, including temporary files, swap files, and the operating system. The data cannot be accessed until an authorized user logs in, and can never be accessed by booting the device from media such as a CD/DVD, floppy disk, or USB drive. For an authorized user, accessing data on the encrypted disk is no different than accessing data on an unencrypted disk.
The following tasks must be done in the order listed.
|
Task |
Details |
|
|---|---|---|
|
Activate Full Disk Encryption |
If you did not activate Full Disk Encryption during installation of the Management Zone, either by providing a license key or by turning on the evaluation, you must do so before you can use the product. For instructions, see Activating Full Disk Encryption. |
|
|
Enable the Full Disk Encryption Agent |
The Full Disk Encryption Agent performs disk encryption. It must be installed and enabled on each device whose disks you want to encrypt. For instructions, see Enabling the Full Disk Encryption Agent. |
|
|
Create a Disk Encryption policy |
The information required to encrypt a devices disks is passed to the Full Disk Encryption Agent via a Disk Encryption policy. You must create at least one policy. For instructions, see Creating a Disk Encryption Policy. |
|
|
Assign the policy to devices |
Disk Encryption policies can only be assigned to devices, device groups, or device folders. For instructions, see Assigning the Policy to Devices. |
|