Parallels Encryption... passwords

I had a question surround the Encryption feature for Parallels Desktop for Mac. I work at a fortune 500 company and recently we have about 5 Mac laptops running Parallels with our Windows 7 enterprise image installed. Management would like to be more security conscious and enable the encryption feature within Parallels. Fine no problem. What are the options in the event a user forgets their Encryption password or leaves the company and the IT needs to access it for imaging purposes? Are their master keys for this event? Receovery keys? Does the Parallels SCCM software address with Enterprise need?

Bill

 

Hello Bill_Walker,

Thank you for you question!

There is no Master/Recovery keys for Encryption. It would not be secure then.
To solve the "forget password" issue save it somewhere else, for example using Password Manager software.
If IT wants to have an access to the image - you will have to share the password with them.

Parallels Management-Mac for Microsoft SCCM doesn't have the functionality to save Encryption password on the AD side as of yet.

Thanks,
Alex

 

The future releases?

The reason I ask is because we currently have items like Bitlocker and PGP deployed in our enterprise of 10,000+ and being that we are an enterprise environment we have 'recovery' keys for both those solutions. Are there at least plans to implement a feature like this with the SCCM package you offer and if so what is the ETA for that road map?

We currently have about 10 Mac system utilizing the Parallels VM environment with our Windows & corporate image on them - If we implement the encryption process on Parallels - we have no reliable fallback in the event someone forgets their password or is terminated and we need to have access to the VM in order to take an image of it for archiving purposes or forensics which ever the case may be.

Bill

 

If you already work with BitLocker and have the recovery key, then you may use it in the enterprise image running inside the virtual machine. The only thing to consider is to disable the necessity of TPM, which is not emulated.

 

Disable TPM for Parallels

Could you direct me to a current solution detailing how to disable this necessity for TPM in Parallels to allow BItlocker?

 

Under Local Computer Policy navigate to Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives and double click on Require additional authentication at startup.
Enable the feature and check the box next to Allow BitLocker without a compatible TPM, click Apply and Ok, and close out of Local Group Policy Editor.

One note for Bitlocker:
Due to the fact that disk is encrypted, we don't know which blocks are used and which are free, so Expanding disk feature will not work => your VM will take as much space as you have arranged to the virtual disk (64GB by default).

 

Not sure what to try since it still wont let me encrypt after making the policy change you stated above - not sure what i could be missing as i followed it to a T

 

Is there any error message or indication of why it doesn't allow you?

I can only think about group policy update required (reboot or gpupdate /force) and Windows 8 non-Pro version doesn't support BitLocker.

 

I made sure I adjusted the Group Policy verbatim and then performed the gpupdate /force as you mentioned above yet when I right-click the C;\ to Turn On Bitlocker i get the default message as follows:

'A compatible Trusted Platform Module (TPM) Security Device Must be present on this computer, but a TPM was not found. Pleae contact your system administrator to enable Bitlocker'

I am using the following hardware and software:

MacBook Pro 2.3GHz Intel Core i7 with OS X Version 10.8.54
Parallels Desktop for Mac 9 Build 9.0.23062 (14 day trial)
Image on Parallels is Windows 7 Enterprise SP1 (our corporate image installed to the VM via the network port and PXE boot