WinMagic SecureDoc For Windows FAQs
What version of SecureDoc does this FAQ cover? Why do I have to have Full Disk Encryption? How does Full Disk Encryption work? Will Full Disk Encryption work on my laptop? I have a laptop, should I do something to prepare for Full Disk Encryption? How do I get Full Disk Encryption? Can I work while my computer encrypts? Can I turn my computer off while it is encrypting? Can I install the encryption client on my personal laptop? Can the installation be run from off campus? Once my laptop is encrypted, what will change? What is a SecureDoc ID? How is it different from my NetID? Why is it different than my NetID? Can I change my SecureDoc ID? I share a laptop with other people. Can my laptop still be encrypted? Can my SecureDoc ID be linked to a local account with a different name? My laptop has been encrypted, how do I change my UT Arlington password? I changed my password in Self Service - now I’m unable to log on at the encryption screen. What do I do? My laptop has been encrypted, but I forgot my password. What do I do? I receive an error message when I log on to my computer. What does this mean? How do I get a user added (or removed) from an encrypted laptop? Is my laptop protected if I put it into hibernation mode? My laptop was lost or stolen. What do I do? How do I uninstall the encryption software from my laptop? Do I need to encrypt my virtual machine on my laptop? How can I request an exception to Full Disk Encryption? How do I transfer a laptop from the current user to a new user? Will WinMagic's SecureDoc encryption slow down my computer? Is it the individual files, the hard disk or the computer that is encrypted? Is there any software program known to interfere or not work with this encryption? Which ones? How do I back-up my files to another hard disk? Does the back-up disk need to be encrypted? How? Does the encryption software need to communicate with UTA server to work? That is, can I turn on and use my computer in an area with no internet access? How do we handle usage of our laptop in areas where encrypted computers are not allowed or illegal, such as some countries, some government labs etc?
This FAQ is for the Windows (32- or 64-bit) version. For the Apple OS X version, please visit the SecureDoc for Mac FAQ.
requires all portable devices to be encrypted. In addition, UT System has set a mandate for all laptops to be encrypted by August 31, 2012. If you have concerns about encrypting your computer, contact the Information Security Office.
More information is available on the UT System Full Disk Encryption FAQ PDF
Full Disk Encryption is software that encrypts everything on a computer hard drive (including the operating system). You will have a username (SecureDoc ID) and password (in general, identical to your UT Arlington NetID and password) that you will use to access your laptop.
The encryption client software will run on Microsoft Windows and Mac OS X operating systems.
- Joining your machine to the domain, if possible
- Using your domain account to encrypt, or using a local account with the same name as your NetID (if not joined to the domain), as this will become your SecureDoc ID.
- Making a backup of your data.
- Making sure your local password (if used) is secure. You must have a password to use with SecureDoc.
- Making sure the laptop is up to date with all patches and drivers.
- Making sure you are administrator on the machine.
- Making sure you are not logging as the account named Administrator on your laptop.
If you have questions or concerns on these items or how to perform/check them, please contact the Help Desk before continuing. Regular maintenance on your laptop will help ensure a better expereience.
The software is available from the OIT software download page. You can download it after logging in with your NetID and password. In addition, you can request assistance from your DSA/ISA, or contact the Help Desk to have OIT assist you in installing the software and encrypting your laptop.
After normal business hours and weekends, laptops may be dropped of at the Help Desk. Please contact the OIT Help Desk.
On-site encryption services are available. Please contact the OIT Help Desk.
Yes, you can continue to work. You may also wait until late in the day and begin the process so that it is complete when you return to work. Turn off sleep options if you are leaving your computer to encrypt while you are away. During sleep/hibernate, your computer will not continue encrypting.
If necessary, you can restart or power down your machine, and the encryption process will continue when the machine is restarted. If possible, it will be fastest to not restart or power down the machine.
No, at this time licenses are only available for UT Arlington owned assets. UT policy prohibits University data from being stored on personal computers.
In order to create or access your SecureDoc ID, your computer must have an active internet connection during the first stage of the install. The best process is to be on campus plugged into the wireless system. If you can visit the UT Arlington home page, you have an active internet connection.
Please note that different internet providers may block ports used by SecureDoc. If you are presented with a screen asking you to confirm your SecureDoc idenity before reboot, you are not going to be able to successfully install SecureDoc from your current location.OIT strongly recommends that you do not install FDE off-campus. However, if you cannot come to campus to install SecureDoc, that you can do so from off-campus with a VPN connection.
On start up, you will be presented with the encryption logon screen. Simply enter your SecureDoc ID and password and your computer will boot as normal. The encryption client also enables secure screensavers – that is, when you are ready to use your computer after the screensaver has become active, you will need to enter your SecureDoc ID and password before proceeding.
A SecureDoc ID is the username used to authenticate you on the SecureDoc servers. The SecureDoc clients do not use the UT Arlington active directory for authentication (like the e-mail or VPN systems), and therefore you must have a SecureDoc ID on the SecureDoc server to access an encrypted laptop. In most cases, your SecureDoc ID will be the same as your NetID, especially if you encrypted a laptop connected to the UTA Domain. If your laptop was encrypted as a local account that is different than your NetID, your SecureDoc ID will match the local account name, not your NetID. If you have a SecureDoc ID that does not match your NetID, you can contact the Help Desk to have a new SecureDoc ID created and your old SecureDoc ID removed.
Yes. However, each user must have their SecureDoc ID associated with the laptop. When a laptop is initially encrypted only the SecureDoc ID of the person installing the software is granted access. To request access for additional users please contact firstname.lastname@example.org and ask to have the user added or removed. You will need to know the computer name.
In addition, each time your password is changed, you will need to log on to all laptops with your SecureDoc ID using the old password, and re-sync your password. Each user on the machine will have to do this each time they change a password.
Yes, but this is not recommended, as it makes password, account and login issues more complex. If your SecureDoc ID does not match your NetID, or if it does not match your account name, please make sure you let the Help Desk know if you are reporting problems.
Contact the OIT Help Desk for assistance with changing your password.
If a user tries to log on to their computer and enters the wrong password, after successfully logging on they will see a message similar to the one below. This message is informational to notify the user that someone has tried to access their computer.
Email the Information Security Office at email@example.com and ask to have a user added or removed. You will need to know the computer name.
Your laptop is only encrypted when it’s turned off – as soon as you log in, the hard drive is decrypted. If your computer is lost or stolen while it’s in hibernation mode, the disk is already decrypted.
Regardless of whether your computer was encrypted or not, you must follow the procedure 2-45: http://www.uta.edu/policy/procedure/2-45#missingorstolenproperty.
All laptops are required by policy to have encryption installed on them at all time. All attempts to remove the encryption software from your laptop may render it unusable. Any questions, please contact the OIT Help Desk.
No. You only need to encrypt the physical laptop.
A recent poliy change has altered the process for exceptions, and all currently granted exceptions are being reviewed by UT System. If you feel you need an exception, contact the Information Security Office for more information. Exceptions will only be granted by UT System.
Complete an inventory transfer (see Procedure 2-43). Request to have the machine be reimaged, or if that is not practical, then contact firstname.lastname@example.org to have an additional user added to the machine. You will need to know the computer name.
No. When you operating system starts, OIT recommends that you wait until all applications, including SecureDoc, is loaded.
Machines which rely on preboot loaders to decrease the boot time, such as the Lenovo X202, will see an increase in the boot load time, as they cannot access the preboot loader with the encryption. Machines with Self Encrypting Hard Drives should not suffer these performace issues.
The entire hard disk is encrypted. Files are not encrypted individually; they are contained within the encrypted disk.
The computer is not encrypted.
DeepFreeze, alternative encryption applications such as SafeBoot or TrueCrypt, or any other application that requires boot record access on the computer pose problems with the encryption program that UTA has implemented, SecureDoc. In addition, the Bluetooth protocol is not supported by the full-encryption client so Bluetooth mice and keyboards have to be replaced with wireless or wired equivalents in order for you to be able to log in to your computer. Once you’re logged in, though, a Bluetooth accessory can be used.
Your computer can be backed up to University-owned storage that is external to your system manually or by using Windows Backup, Apple Time Machine or a backup program such as Cobian Backup. If the entirety of your files are contained in your user folder, then backing up your user folder will get all of your files. Files saved outside of one’s user folder will have to be moved or singled out for backup. In case of the drive becoming unreadable, the installed applications will have to be reinstalled from the original media. Contact OIT (email@example.com) if you need network space for back-ups. Otherwise, see Personal Backup documentation on OIT’s Web site. Encryption of University-owned external devices is required. In addition, UT policy #UTS-165 states that “as a general practice Confidential University Data are not to be copied to or stored on a Portable Computing Device or a Non-University Owned Computing Device,” and such storage must be approved by the data owner. Contact ISO (firstname.lastname@example.org) for information about encrypted USB drives.
During the initial setup of the encryption software and after changes are made to a user’s password, communication with the server is required. Once the encryption is successfully set up, the encryption software allows you to use your computer when it’s not connected to the Internet.
UTA is working with UT System to devise a solution for travelers to specific foreign countries or government facilities. For interim solutions, please contact the ISO at email@example.com.