it.ucsf.edu

How to Encrypt Your Computer

Marc Lowe's picture

Introduction

These instructions are for encrypting devices used for UCSF work that are not supported by ITFS.

If you are an ITFS customer and need help with encryption, please contact the IT Service Desk at 415-514-4100.

Encrypting a computer can sometimes cause serious problems, so please follow these instructions precisely, including all steps, and in the correct order. You must also backup your machine before proceeding.

This process will also register your computer with BigFix, which is a security requirement for all devices used for UCSF business.

At any point, if you aren't comfortable proceeding, call the UCSF IT Service Desk (415-514-4100) for help.

If you would like hands-on help with encryption, sign up for an Encryption Clinic: tiny.ucsf.edu/EncryptionClinic. A tech will walk you through the instructions step-by-step. You must backup your machine before you attend the clinic.

If you would like to request an Encryption Exception: Encryption Exception.

Additional security software

UCSF provides additional software to keep your computer and the UCSF network safe, free of charge:

Unencrypting

Should you later need to unencrypt or uninstall, call the UCSF IT Service Desk at 415-514-4100 for help. The Service Desk will assist you – even after you leave UCSF.

Instructions

Jump below to instructions for:

 

 

Mac

Is my computer encrypted already?

  1. Proceed carefully: Encrypting a computer that has already been encrypted will render your computer inoperable.
  2. Check your applications folder for programs called TrueCrypt, VeraCrypt, or CipherShed. If any of these are found and if you are using whole disk encryption, you'll need to decrypt, uninstall it, then continue below to install DDPE.
  3. Check your computer for the following encryption applications:

    Icon

    Program name

    Location

    PGP or Symantec Encryption Desktop

    Applications folder

    DDPE or Dell Data Protection

    System Preferences

    or

    PointSec or Check Point

    Applications folder

    If any of these are present, your computer is probably already encrypted. You will still need to install BigFix if it is not already installed.

    If you have already enabled Apple FileVault2, you still need to install DDPE. Continue below to install DDPE.

 

Do I already have BigFix installed?

On a Mac, look in the upper-right of the menu bar near the clock for: a blue circle with a white letter "b" or a purple circle with a green arrow.

 


 

 

If you do not see the BigFix icon, download the installer for your computer here:

BigFix Installation for Windows and Mac OS

This is UCSF’s computer management program. It helps ensure that the network remains secure and allows UCSF to confirm the encryption status of lost or stolen devices.

What you need

Minimum requirements:

  • Mac OS X 10.9.5 or 10.10.x or 10.11.x
  • 4GB RAM
  • 20% free Hard Drive space
  • Your MyAccess credentials (For help visit MyAccess FAQs.)
  • ~30 - 60 minutes of installation followed by 1-8 hours unattended while the computer encrypts
  • A way to backup your data (e.g., external hard drive or online backup service)
  • For laptops, the power adapter and access to power for ~ 4 hours
  • An internet connection

Before encrypting

  1. If your computer is more than four years old, call the UCSF IT Service Desk and a support engineer will help you determine if you should proceed.
  2. At UCSF, DDPE is not supported with a Boot Camp configuration. Call the UCSF IT Service Desk for next steps in the transition to VMWare Fusion.
  3. You must back up your data and application installers!
    Encrypting a computer can sometimes cause serious problems, including drive failure. The UCSF community is eligible to use CrashPlan, an online backup service, at a significant discount. We also recommend Apple Time Machine or Time Capsule.
  4. Install any pending Apple software updates.
    1. Click on the Apple menu in the top left corner.
    2. Select “App store…”
    3. Click on “Updates”
    4. The first section should be labeled “Software Updates” Click the “Update All” button if it appears.
    5. Your computer may ask for a reboot.
    6. Click on the Apple menu in the top left corner.
    7. Select “About this Mac” to determine your OS X version.
    8. If you have OS X 10.6.8 – 10.9.5
      Click on the Apple menu in the top left corner.
      Select “App store…”
      Click on “Updates”
      Click the “Free Upgrade” button to install OS X 10.12 "Sierra
      Your computer will reboot
    9. If you have OS X 10.10.x – 10.12:
      You do not need to upgrade to OS X 10.11 "El Capitan" or OS X 10.12 "Sierra"
      School of Dentistry and Pharmacy students may need to delay upgrading to OS X 10.12 "Sierra" due to incompatibilities with ExamSoft SofTest. Please check with your school's technology coordinator(s) before upgrading to OS X 10.12.
  5. Perform disk maintenance. This step identifies or resolves problems with your hard drive that might cause encryption problems.
    1. From the top menu select “Go” and click on “Utilities”
    2. Launch “Disk Utility”
    3. In Disk Utility, in the left pane, select the top-most icon.
    4. Click “Verify disk” on the right side
    5. This process might take between 30 minutes – 2 hours.

If there are no problems, you will see a message like this:

  • The volume Macintosh HD appears to be okay.

If Disk Utility finds any problems with your disk, you may see a message like these:

  • Error: This disk needs to be repaired...
  • The volume Macintosh HD could not be repaired.
  • Error: Disk Utility can't repair this disk...

If needed, call the UCSF IT Service Desk at 415-514-4100 for help.

If no problems were reported, you are ready to encrypt.

Encrypting

If during encryption your computer loses power or is jostled, it could render your computer inoperable. Take steps to eliminate these risks before you begin.

  1. Adjust your computer’s power settings so that the computer never sleeps.

    1. Click Apple menu (in top left corner)
    2. Click System Preferences
    3. Click “Energy Saver” (Or press Command + Spacebar, type “energy saver” and press enter)
    4. Click “Power adapter” button at top if present
    5. Slide “computer sleep” to “Never”
    6. Uncheck “Put hard disks to sleep when possible”
  2. Log in to software.ucsf.edu using your MyAccess credentials.
  3. Click DDPE (Dell Data Protection Encryption). DDPE encrypts your data so that if your computer is lost or stolen unauthorized persons cannot retrieve it.

  4. Download and open the installer for Mac OS X.

  5. Follow the instructions that appear to progress through the installer, then log in to MyAccess. (For help logging in, visit MyAccess FAQs.) After you successfully log in to MyAccess, a computer registration page will appear.

  6. Registration – At the UCSF Computer Registration page, answer the question about who owns the computer, then select Submit.

    A thank you page will appear.You can close the browser window now.

  7. Follow the instructions to restart your computer and then log in to your computer.

 

Activate DDPE

  1. A dialog called Dell Data Protection Activation should appear. If it does not appear, ensure that you are connected to the internet.

    In this dialog, fill in:

    Name



     

    use your UCSF email username
    • not your email address or full name
    • typically first initial + last name
    • Students: use your SF###### number

    Password

    use your UCSF email password

    Log on to


     

    • SOM = School of Medicine
    • UCSFMC = Medical Center
    • CAMPUS = students and all others
  2. Installation will continue, and a Shield dialog box will appear.

    Click “Restart” to restart your computer.
  3. After the computer restarts, a dialog box requesting your account password should appear:

    Enter the password you use to log in to your computer.

    Follow the instructions to restart your computer again
     
  4. The encryption process will begin and usually takes between ~2-4 hours to complete. While it encrypts you may use your computer, put it to sleep, or turn it off.
     

If you had enabled Apple FileVault2 before installing DDPE, a dialog box called Dell Data Protection should appear:

If it appears, enter the following:

Key or credentials?

select Bootable Account Credentials

Username

use the login ID for your computer

Password

use the password for your computer

Your computer is already encrypted and DDPE will periodically confirm its encryption status with UCSF.

Confirming

To confirm your Mac has DDPE installed and is currently in the process of encrypting:

  1. Click on the Apple menu in the top left corner.
  2. Select “System Preference”
  3. Click the “Dell Data Protection” icon on the bottom row
  4. While your Mac is encrypting, it will look like this:

     
  5. Once your Mac is finished encrypting is completed you will see a complete green bar:


    If you don’t see the Dell Data Protection icon in System Preferences, or if disk status says something like “Repair needed” or “Unable to encrypt”, call the IT Service Desk for help.

 

 

Windows

Is my computer encrypted already?

  1. Proceed carefully: Encrypting a computer that has already been encrypted will render your computer inoperable.
  2. Check your Start menu for programs called TrueCrypt, VeraCrypt, or CipherShed. If any of these are found and if you are using whole disk encryption, you'll need to decrypt, uninstall it, then continue below to install DDPE.
  3. Check your computer for the following encryption applications.

    Icon

    Program name

    Location

    Windows BitLocker

    Control Panel – All items

    DDPE

    System tray (lower right corner)

    PGP or Symantec Encryption Desktop

    Start menu

    PointSec or Check Point

    Start menu

    If any of these are present, your computer is probably already encrypted. You will still need to install BigFix if it is not already installed.

 

Do I already have BigFix installed?

On Windows computers check the system tray (aka "task bar") and verify that you see the icon with purple circle and a green arrow.

 

If you do not see the BigFix icon, download the installer for your computer here:

BigFix Installation for Windows and Mac OS

This is UCSF’s computer management program. It helps ensure that the UCSF network remains secure and allows UCSF to confirm the encryption status of lost or stolen devices.

 

What you need

Minimum Hardware and Software Requirements:

  • Windows 7, 8.1, or 10 (Windows 7 is the most recent version of Windows supported at UCSF. DDPE encryption will run on Windows 8.1 and 10, but these versions are not recommended by UCSF IT at this time).
  • Intel Core i3, i5, or i7 processor; or AMD A series, FX, Opteron, or Phenom II processor
  • 4GB RAM (If Windows 10, we recommend 8GB RAM)
  • 20% free Hard Drive space
  • Your MyAccess credentials (For help visit MyAccess FAQs.)
  • ~ 30 - 60 minutes of installation followed by 1-8 hours unattended while the computer encrypts
  • A way to backup your data (e.g., external hard drive or online backup service)
  • For laptops, the power adapter and access to power for ~4 hours
  • An internet connection

Before encrypting

  1. If your computer is more than four years old, call the Service Desk and a support engineer will help you determine if you should proceed.
  2. You must back up your data and application installers!
    Encrypting a computer can sometimes cause serious problems, including drive failure. The UCSF community is eligible to use CrashPlan, an online backup service, at a significant discount. Windows 7 users: see Backup and Restore. Windows 8 users: see Set up a drive for File History. Windows 10 users: see Back up and restore your files
  3. Install any pending software updates.
    1. Press the Windows key
    2. Start typing “Windows Update”
    3. Select “Windows Update” from the search results
    4. Click “Check for Updates” or “View details”
    5. Install any available “Important” or “Optional” or “Recommended” updates
    6. Your computer may ask for a reboot.
  4. Confirm that your internet connection is working. If you are on campus, please connect to UCSFwpa; see the Tutorials section at UCSFwpa - Secure Wireless.
  5. Perform disk maintenance. This step identifies or resolves problems with your hard drive that might cause encryption problems.
    1. Click on the start menu
    2. Open “Computer”
    3. Right click on “Local Disk (C:)”
    4. Select “properties”
    5. Click the “Tools” tab
    6. In the “Error-checking” section, click “Check now”
    7. Make sure both checkboxes are unchecked and click Start
    8. When the disk check is done, the results will show up in a new dialog box like this one:

If there are no problems, you will see a message like this:

  • Windows has checked the file system and found no problems.
  • No problems were found on the device or disk. It is ready to use.
  • Windows has made corrections to the file system.
  • No problems were found on the device or disk.

If the disk check finds problems with your disk, you may see a message like this:

  • Windows found problems with the file system.

If needed, call the UCSF IT Service Desk at 415-514-4100 for help.

If no problems were reported, you are ready to encrypt.

Encrypting

If during encryption your computer loses power or is jostled, it could render your computer inoperable. Take steps to eliminate these risks before you begin.

  1. Adjust your computer’s power settings so that the computer never sleeps.

    1. Click on the Start button
    2. Start typing “sleep”
    3. Click on “Change when the computer sleeps” or just press enter, it should be the first result
    4. Change the “Put computer to sleep” setting under “Plugged in” to “never”
  2. Log in to software.ucsf.edu using your MyAccess credentials. (For help logging in, visit MyAccess FAQs.)
  3. Click DDPE (Dell Data Protection Encryption). DDPE encrypts your data so that if your computer is lost or stolen unauthorized persons cannot retrieve it.

  4. Download and open the installer for Windows.

  5. Right click on the downloaded file and select “Run as administrator”.

  6. Follow the instructions that appear to progress through the installer, then log in to MyAccess. (For help logging in, visit MyAccess FAQs.) After you successfully log in to MyAccess, a computer registration page will appear.

  7. Registration – At the UCSF Computer Registration page, answer the question about who owns the computer, then select Submit.

    A thank you page will appear. You can close the browser window now.

  8. Follow the instructions to restart your computer and then log in to your computer.

 

 

If you have Windows 8, 8.1, or 10:

You may need to temporarily disconnect your computer login account from the Microsoft Live service

  1. Hit the Start button to bring up the Start menu
  2. Start typing “your account”
  3. Select “Your account settings”
  4. Click “Disconnect” under your account name if it appears. If it does not show up, skip to “Confirming
  5. Windows will ask for your current password and then ask you to set a new password- you can reuse your current password.
  6. Reboot the computer.
  7. After reboot DDPE should begin an encryption sweep. (see “Confirming” below for more details)


Once DDPE begins an encryption sweep or shows “In compliance”, you can reconnect your account to your Microsoft account

  1. Hit the Start button to bring up the Start menu
  2. Start typing “your account”
  3. Select “Your account settings”
  4. Click “Connect to a Microsoft Account”
    • Enter the computer password
    • Enter your Microsoft Account login and password
    • Reboot the computer if prompted

The encryption process will begin and usually takes ~2-4 hours to complete. While it encrypts you may use your computer, put it to sleep, or turn it off.

Confirming

To confirm your computer is fully encrypted:

  1. Double-click the Dell Data Protection Encryption icon bottom right of your taskbar

     
  2. “OSDisk” should show following text: “In Compliance”. The dot over “System Storage drive” should be green as well.