klytus.livejournal.com>>Cross-posted to my LJ<<
Ya know, when the movers-and-shakers decide they want to implement a new policy that involves technology, common sense dictates that one should run things by the tech department before they actually implement the policy.
Last Wednesday (8/29), it was decided that all laptops must be encrypted before being deployed. A sensible thing to want to do with laptops that have proprietary, and sometimes private, information. However, there are many problems with this:
1) Until today, only one man was able to actually able to do the encryption, and he was out on Friday, so we had just 2 days of him doing this.
2) The encryption process adds at least 4 hours of prep time to each laptop - longer for older, slower models with less RAM.
3) Attempts to encrypt two laptops today failed because, unknown to us at the time, it will not work on hard drives with hidden partitions.
4) Removing hidden partitions without blowing away data on the drive requires installing and running Partition Magic.
5) Even after doing that, the encryption still would not run on those laptops.
6) It is not possible to uninstall the encryption software until after it has finished encrypting the hard drive, so those laptops need to be erased and re-imaged again.
7) Even after removing the partition on other drives the encryption had not yet been loaded on, there were still problems getting it to run.
Result: We now have seven laptops that are late in being deployed because this policy was stupidly implemented before testing was done. More such delays will follow until we get the bugs worked out, and working on fixing those bugs is slowing down all the other work we also need to be doing.