The University of Texas at Austin

Enterprise Whole Disk Encryption

Monthly Audit of SecureDoc Folders and Devices

SecureDoc department admins should periodically audit their SecureDoc environment to ensure all devices, users, and folder configurations are secure.

We recommend a monthly examination of SecureDoc Department folders from the console, based on the steps below.

Checking your devices

  • Regularly check the console Folders root folder and Recycle Bin for missing devices.
  • If a device has been encrypted but is not appearing in your department’s folder, the Folders folder, or the Recycle Bin, the device may have been inserted into another department’s folder — ask the ITS SecureDoc team for assistance as needed.
  • Confirm that your department’s encrypted devices:

    • Are present in the console folder as expected.
    • Use unique hostnames and at least one other unique identifier (i.e. UT asset tag or manufacturer’s serial number).
    • Display a fully encrypted status (solid green bar).
    • Regularly communicate with the server (time stamps within 60 days).
    • Use current department prefixed profiles (e.g. “Dept. – Windows Default” ).
    • List only authorized users as having access to the device (delete unauthorized or undesired users from the list)
    • Show autoboot-dept account access rights for each device with NO MORE than the following privileges:

      • Convert Removable Media
      • Disk Integrity Check
      • Create Emergency Disk
      • View Transaction Log

Correct out of specification device entries

  • Determine device operational status (is it offline or has it been repurposed, sent to surplus etc.)
  • Correct issues as necessary; apply a correct profile, rename devices, run diagnostic tests, etc.
  • Identify whether any devices present do not belong to your department, and move unknown devices into the console Folders root folder
  • Remove invalid device entries (devices no longer using SecureDoc encryption, failed encryptions, decommissioned /surplus devices etc.)

Verify the SecureDoc console folder configuration

  • Keep all Users Assigned to the folder current (access folder properties and add/ remove accounts to match desired assignments)
  • Ensure privileges for the autoboot-dept account are NO MORE than the following:
    • Convert Removable Media
    • Disk Integrity Check
    • Create Emergency Disk
    • View Transaction Log

Last updated July 31, 2012 @ 11:18 am

We Can Help

Get help from an expert at the ITS Help Desk!

* Call us at 512-475-9400

* Submit a help request online

We also have a walk-in service in the first floor lobby of the Flawn Academic Center (FAC). Stop by and let us help you!