I am looking for a solution that would allow me to encrypt laptop hard drives. I have tried Windows EFS and TrueCrypt. I prefer TrueCrypt, but it does not work well for an enterprise-size network. With TrueCrypt, we have to rely on the user to type in a password to launch the Windows OS. We cannot give users the secret password as they will expose the password. At the same time, we cannot afford someone to do the typing for them.
I am looking for a good solution. My main goal is to encrypt the entire hard drive without user input. I am willing to buy, whether software/hardware based or both, but I need to know my options.
I don't understand the point. If you decrypt the HDD without user input, how is that different than not encrypting it to begin with? Anyone who gets (steals/finds) the laptop will also automatically have full access. XP is too easy to get past the login for this to work to your benefit, I think, and no one is going to just steal the HDD out of the laptop when they can take the whole thing.
I personally like the rotating key via keyfob display, not the one you plug into the USB port but the one that displays the sequence you need to type in, but I understand even this has vulnerabilities.
^ OP meant Plug and Play (aka PnP), not PGP standard.
The point of this is that the user can't even get in to the HDD without getting past the encryption in the first place.
@OP: I highly recommend your company/business/IT department consider migrating to Win 7. I realize that this is a major undertaking, but seriously, XP is old and not that secure. In most cases, a strict UAC control prevents a lot of problems.
Also, I'm not sure if a system like this is possible... but you could have a setup where you have a server that supplies the encryption/decryption key without user input once connected to a secure network, etc.
This is what I'm talking about: http://en.wikipedia.org/wiki/SecurID
popatim brings up a good point with the key fob idea. Many large companies use an RSA key fob setup for user login.
How about a hardware-level key? I.e. TPM or fingerprint scanner?