Stanford Whole Disk Encryption Information for Technical Support Staff

SWDE installation requirements

This is the list of settings that will be changed on your computer when you install Stanford Whole Disk Encryption. These settings will be maintained by BigFix.

• Windows installation requirements
• Mac installation requirements

Download SWDE without Enrollment

This instance of the SWDE Application will encrypt the device and escrow its recovery key without requiring enrollment.

• SWDE without Enrollment for Windows
• SWDE without Enrollment for Mac

Answer file editor

Computer support organizations can use this program to create instances of the Enrollment/SWDE app to be incorporated into locally controlled computer deployment processes.

• Answer file editor for Windows
• Answer file editor for Mac

Escrow recovery key

At times, SWDE may not be able to encrypt the drive successfully. This could be due to an operating system incompatibility, or other reasons. If this occurs, you can encrypt the computer manually, then run this tool to escrow the recovery key outside of SWDE.

• Escrow recovery key tool for Windows
• Escrow recovery key tool for Mac

Note: Normally enrollment is required prior to key escrow, because the SUNet ID of the user who's initially escrowing the key will be recorded. The Windows tool may be run in a command shell with a /Silent switch, which will suppress the requirement to enroll as well as the tool's UI. Since the macOS tool will prompt for a local administrator password, there's effectively no silent mode; but a dummy enrollment.txt file (in /Library/Application Support/Stanford) can be manually put in place to bypass this requirement.

Note: On a Mac, SWDE Encryption might fail with an error message saying that an encryption certificate was found that must be removed before FileVault2 can be enabled. This indicates that SWDE has found either FileVaultMaster.keychain or FileVaultMaster.cer in /Library/Keychains. If either of those files exists, delete them and try again.

There has been at least one report of the error appearing and neither file existed in /Library/Keychains. If this happens, try installing FileVault manually and running the Mac recovery key generation program.

Compliance checker

This tool helps support staff identify and fix problems that can cause a computer to become dubious. See the Compliance Checker page to download the installers.