WinMagic SecureDoc For Windows FAQs
What version of SecureDoc does this FAQ cover? Why do I have to have Full Disk Encryption? How does Full Disk Encryption work? Will Full Disk Encryption work on my computer? Should I do something to prepare for Full Disk Encryption? How do I get Full Disk Encryption? Can I work while my computer encrypts? Can I turn my computer off while it is encrypting? Can I install the encryption client on my personal computer? Can the installation be run from off campus? Once my computer is encrypted, what will change? What is a SecureDoc ID? How is it different from my NetID? Why is it different than my NetID? Can I change my SecureDoc ID? I share a computer with other people. Can my computer still be encrypted? Can my SecureDoc ID be linked to a local account with a different name? My computer has been encrypted, how do I change my UT Arlington password? I changed my password in Self Service - now I’m unable to log on at the encryption screen. What do I do? My computer has been encrypted, but I forgot my password. What do I do? I receive an error message when I log on to my computer. What does this mean? How do I get a user added (or removed) from an encrypted computer? Is my computer protected if I put it into hibernation mode? My computer was lost or stolen. What do I do? How do I uninstall the encryption software from my computer? Do I need to encrypt my virtual machine on my computer? How can I request an exception to Full Disk Encryption? How do I transfer a computer from the current user to a new user? Will WinMagic's SecureDoc encryption slow down my computer? Is it the individual files, the hard disk or the computer that is encrypted? Is there any software program known to interfere or not work with this encryption? Which ones? How do I back-up my files to another hard disk? Does the back-up disk need to be encrypted? How? Does the encryption software need to communicate with UTA server to work? That is, can I turn on and use my computer in an area with no internet access? How do we handle usage of our laptop in areas where encrypted computers are not allowed or illegal, such as some countries, some government labs etc? Why do I need to have a staff NetID for a student worker to be added to an encrypted computer?
This FAQ is for the Windows (32- or 64-bit) version. For the Apple OS X version, please visit the SecureDoc for Mac FAQ. For Linux, contact the HelpDesk or the Information Security Office for assistance.
requires all portable devices to be encrypted. In addition, UT System has set a mandate for all laptops to be encrypted by August 31, 2012. All high risk desktops must also be encrypted by May 31, 2014, and all newly acquired computers after September 1, 2013 must be encrypted. If you have concerns about encrypting your computer, contact the Information Security Office.
More information is available on the UT System Full Disk Encryption FAQ PDF
Full Disk Encryption is software that encrypts everything on a computer hard drive (including the operating system). You will have a username (SecureDoc ID) and password (in general, identical to your UT Arlington NetID and password) that you will use to access your computer.
The encryption client software will run on Microsoft Windows and Mac OS X operating systems.
- Joining your machine to the domain, if possible
- Using your domain account to encrypt, or using a local account with the same name as your NetID (if not joined to the domain), as this will become your SecureDoc ID.
- Making a backup of your data.
- Making sure your local password (if used) is secure. You must have a password to use with SecureDoc.
- Making sure the computer is up to date with all patches and drivers.
- Making sure you are administrator on the machine.
- Making sure you are not logging on as the account named Administrator on your computer.
If you have questions or concerns on these items or how to perform/check them, please contact the Help Desk before continuing. Regular maintenance on your computer will help ensure a better experience.
The software is available from the OIT software download page. You can download it after logging in with your NetID and password. In addition, you can request assistance from your DSA/ISA, or contact the Help Desk to have OIT assist you in installing the software and encrypting your computer.
On-site encryption services are available. Please contact the OIT Help Desk.
Yes, you can continue to work. You may also wait until late in the day and begin the process so that it is complete when you return to work. Turn off sleep options if you are leaving your computer to encrypt while you are away. During sleep/hibernate, your computer will not continue encrypting.
If necessary, you can restart or power down your machine, and the encryption process will continue when the machine is restarted. If possible, it will be fastest to not restart or power down the machine.
No, at this time licenses are only available for UT Arlington owned assets. UT policy prohibits University data from being stored on personal computers.
In order to create or access your SecureDoc ID, your computer must have an active internet connection during the first stage of the install. The best process is to be on campus plugged into the wireless system. If you can visit the UT Arlington home page, you have an active internet connection.
Please note that different internet providers may block ports used by SecureDoc. If you are presented with a screen asking you to confirm your SecureDoc user ID before reboot, you are not going to be able to successfully install SecureDoc from your current location.OIT strongly recommends that you do not install FDE off-campus. However, if you cannot come to campus to install SecureDoc, that you can do so from off-campus with a VPN connection.
On start up, you will be presented with the encryption logon screen. Simply enter your SecureDoc ID and password and your computer will boot as normal. The encryption client also enables secure screensavers – that is, when you are ready to use your computer after the screensaver has become active, you will need to enter your SecureDoc ID and password before proceeding.
A SecureDoc ID is the username used to authenticate you on the SecureDoc servers. The SecureDoc clients do not use the UT Arlington active directory for authentication (like the e-mail or VPN systems), and therefore you must have a SecureDoc ID on the SecureDoc server to access an encrypted computer. In most cases, your SecureDoc ID will be the same as your NetID, especially if you encrypted a computer connected to the UTA Domain. If your computer was encrypted with a local account that is different than your NetID, your SecureDoc ID will match the local account name, not your NetID. If you have a SecureDoc ID that does not match your NetID, you can contact the Help Desk to have a new SecureDoc ID created and your old SecureDoc ID removed.
Yes. However, each user must have their SecureDoc ID associated with the computer. When a computer is initially encrypted, only the SecureDoc ID of the person installing the software is granted access. To request access for additional users please ask the department's ISA to make a request to the Help Desk by email (firstname.lastname@example.org). Please include the computer name and user NetID's to be added or removed.
In addition, each time your password is changed, you will need to log on to all computers with your SecureDoc ID using the old password, and re-sync your password. Each user on the machine will have to do this each time they change a password.
No, due to issues we have encountered we are now requiring SecureDoc UserIDs to match the user's NetID. Where there is a username collision from older local SecureDoc accounts, the user who owns the NetID wins.
Contact the OIT Help Desk for assistance with changing your password.
If a user tries to log on to their computer and enters the wrong password, after successfully logging on they will see a message similar to the one below. This message is informational to notify the user that someone has tried to access their computer.
Have the Departmental ISA email the Help Desk at email@example.com and ask to have a user added or removed. Please include the computer name and user NetID's to be added or removed.
Your computer is only encrypted when it’s turned off – as soon as you log in, the hard drive is decrypted. If your computer is lost or stolen while it’s in hibernation mode, the disk is already decrypted.
Regardless of whether your computer was encrypted or not, you must follow the procedure 2-45: http://www.uta.edu/policy/procedure/2-45#missingorstolenproperty.
All laptops, Desktops identified as high risk and new computers purchased after September 1, 2013 are required by policy to have encryption installed on them at all times. All attempts to remove the encryption software from your computer may render it unusable. Any questions, please contact the OIT Help Desk.
No. You only need to encrypt the physical computer.
Exceptions are reviewed on a case by case basis. To request an exception, fill out the “Computing Device Encryption Exception Request” form 18-1 located in the “HOP” at https://www.uta.edu/policy/form/18-1. After the form is completed fax or scan & email the form to the Information Security Office at (817) 272-2612 or firstname.lastname@example.org.
Complete an inventory transfer (see Procedure 2-43). Request to have the machine to be reimaged, or if that is not practical, then have the Departmental ISA email the Help Desk at email@example.com to have the user added. Please include the computer name and the user NetID to be added.
No. When you operating system starts, OIT recommends that you wait until all applications, including SecureDoc, is loaded.
Machines which rely on preboot loaders to decrease the boot time, such as the Lenovo X202, will see an increase in the boot load time, as they cannot access the preboot loader with the encryption. Machines with Self Encrypting Hard Drives should not suffer these performace issues.
The entire hard disk is encrypted. Files are not encrypted individually; they are contained within the encrypted disk.
The computer is not encrypted.
DeepFreeze on Macintosh devices, alternative encryption applications such as SafeBoot or TrueCrypt, or any other application that requires boot record access on the computer pose problems with the encryption program that UTA has implemented, SecureDoc. In addition, the Bluetooth protocol is not supported by the full-encryption client so Bluetooth mice and keyboards have to be replaced with wireless or wired equivalents in order for you to be able to log in to your computer. Once you’re logged in, though, a Bluetooth accessory can be used.
Your computer can be backed up to University-owned storage that is external to your system manually or by using Windows Backup, Apple Time Machine or a backup program such as Cobian Backup. If the entirety of your files are contained in your user folder, then backing up your user folder will get all of your files. Files saved outside of one’s user folder will have to be moved or singled out for backup. In case of the drive becoming unreadable, the installed applications will have to be reinstalled from the original media. Contact OIT (firstname.lastname@example.org) if you need network space for back-ups. Otherwise, see Personal Backup documentation on OIT’s Web site. Encryption of University-owned external devices is required. In addition, UT policy #UTS-165 states that “as a general practice Confidential University Data are not to be copied to or stored on a Portable Computing Device or a Non-University Owned Computing Device,” and such storage must be approved by the data owner. Contact ISO (email@example.com) for information about encrypted USB drives.
During the initial setup of the encryption software and after changes are made to a user’s password, communication with the server is required. Once the encryption is successfully set up, the encryption software allows you to use your computer when it’s not connected to the Internet.
UTA is working with UT System to devise a solution for travelers to specific foreign countries or government facilities. For interim solutions, please contact the ISO at firstname.lastname@example.org.
There is a need to maintain a separation between student (academic) work and UTA business. This allows a student’s staff account to be disabled without interfering with their student academic work. Student employees need to access office computers with staff accounts to ensure the separation occurs. Note that students requiring access to an academic computer for pure academic work do NOT require a separate account.