Why You Should be Using WinMagic’s SecureDoc Encryption for a Successful Patch Strategy

You know you need to encrypt, at the minimum, every laptop you own. WinMagic has reported that since 2013, more than 660 million records have been compromised in data breaches. There is just no reason your company should be similarly compromised if one of your laptops is lost or stolen.

Furthermore, if the two global ransomware attacks (Petya and WannaCry) in the last two months have taught us anything, it’s that we need to patch all of our devices – including our Macs (learn how in our upcoming training class).

Unfortunately, patching encrypted machines can have a negative impact on user productivity. And the last battle you need to fight is with your executive team about how patching is affecting the bottom line.

So what’s the hangup with patching encrypted devices? Well, it has everything to do with the reboot process.

If you’re applying a patch that doesn’t require a reboot, there is no need to worry about end user productivity being affected. However, if it does require a reboot, you’re going to run into issues. The reason is that an encrypted device cannot reboot back into the OS and finish applying the new configurations. When a device is encrypted and rebooted, it will sit at the pre-boot login screen waiting for an authenticated user to unlock the disk.

If you’re patching frequently (as you should be), this means that your users may often arrive at their desks in the morning only to find they have to log in at the pre-boot screen and wait for the device to finish applying its patches. This waiting will irritate your users and will eventually bubble up to management and then to the executive team – if it doesn’t start directly with the executive team to begin with.

This reboot, post-patch configuration process is what you need to avoid to be successful with your patch process and is exactly why I recommend WinMagic’s SecureDoc product to handle encryption. Not only does it provide a key management solution for all of your managed platforms (Ivanti only handles macOS), it is the only tool on the market that allows a machine on the network to bypass the pre-boot login screen.

WinMagic’s PBConnex technology allows for pre-boot network authentication to take place without a user. This way, you can continue to patch as desired, reboot as needed, and when the users return in the morning, their machine will be waiting at the Windows or Mac login screen – not the pre-boot login screen. Your users won’t need to sit and wait, and wait, and wait even more for the patch process to finish wrapping up.

Problem solved! WinMagic is worth the investment. If you’d like more information about WinMagic, please reach out to us and we’d be happy to help answer your questions.

And, if you already have WinMagic, make sure you’re deploying it as part of your Mac onboarding process. Just build a Mac package from the script below, changing out the variables as needed, and add the appropriate action to your Mac provisioning template.


#!/bin/bash
# winMagic.sh
# Created by Bennett Norton on 5/29/17.

#File to copy
#change this to match your hosted path, it needs to be http
#filePath and fileName are used by the commands below; the values here are placeholders to replace
filePath="http://REPLACE-WITH-YOUR-SERVER/REPLACE-WITH-PATH"
fileName="REPLACE-WITH-DMG-FILE-NAME.dmg"
mountedVolumeName="SDFVMac 7.16.6"

#Location to copy file to
#change this to match your destination path
destinationLocation=/Library/Application\ Support/LANDesk/sdcache

#Download command
#You shouldn't need to make any changes here
#-noinstall ensures the package does not get executed
#-package is the source url path
#-destdir is the destination directory
/Library/Application\ Support/LANDesk/bin/sdclient -noinstall -package "$filePath/$fileName" -destdir "$destinationLocation"

#Mount the DMG File
hdiutil attach "$destinationLocation/$fileName"

#Install WinMagic

#Obtain mounted disk identifier
#The identifier is the last column of diskutil list output; a fixed column
#number picks the wrong field when the volume name contains a space
mountedDiskIdentifier=( $(diskutil list | grep "$mountedVolumeName" | awk '{print $NF}') )

#Unmount Volume
hdiutil detach /dev/"$mountedDiskIdentifier"


