Re: And this is why I prefer OpenBSD's approach to Disk Encryption
If you have proper folder redirection and a proper backup regimen, then access to the files on the individual machine is unnecessary. If your company depends on being able to access files on user systems, then your company is doomed. My company uses rsync over SSH to backup users' home directories and configuration deltas (EG pulling the logs from the package manager and producing diff's between the current version of a config file and the base file that shipped with the system).
This happens daily and allows for backing up no matter where the employee is located so long as they are connected to the internet. The intention is that any lost / stolen / failed / attacked / infected system can just be fully written off and replaced with a new system with only trivial loss in productivity. Rather than waste time to disinfect systems or to try and recover files from a failed hard disk, we just grab a new machine, through an image on it, provide the list of packages that were on the system to the package manager to install, then apply all the backed-up diffs to the configuration files. The users' home directory is then copied onto the machine, rebooted and the user can carry on with, at most, loss of anything that happened in the last 24 hours.
Biting the hand that feeds IT
