Information Technology Systems and Services.
ITSS home


Technology news for UMD faculty, staff and students

Data Encryption Made Easy

Data encryption - required by University policy for some devices - is now easier to implement thanks to SCCM technology.

Current University policy requires that users encrypt private data that is stored on laptop computers or other portable devices: Enhanced Security for Computers and Other Electronic Devices,

The policy also includes a link to a list of over two dozen options for encrypting your data: Encrypting Stored Data.

The list is daunting, as is this warning:

All encrypted data can be permanently lost if you forget the encryption password (or passphrase). If you decide to save them, decryption keys should be locked in a a safe location.
What's the average user to do?

ITSS has a solution: encryption using Active Directory System Center Configuration Manager (SCCM) tools.

Using SCCM, ITSS staff can quickly and easily deploy the current enterprise level operating system - including Microsoft Bitlocker encryption - to specific models of Dell or HP computers that include a TPM (Trusted Platform Module) chip. By leveraging Active Directory services, a copy of the encryption key is stored with the owner's AD profile, and is available to recover a drive in the event the TPM chip fails, hardware changes or the drive needs to be physically moved to another computer.

Don't have a Dell or HP? Haven't had your computer into the TechCenter in awhile? No problem. We can take any computer that has a TPM chip and is configured for Active Directory and deploy the encryption services via SCCM.

For more information on this service, please contact the ITSS TechCenter (218.726.8847 or