At a previous NHS...
...trust if I remember right they used Sophos encryption. I pointed out a flaw but was told "its a feature" because I "wasn't in with they boys" (c**ts more like. Harsh but fair description).
Sophos had a bad habit of locking us out of the laptops at boot. Would lock your account as well. But I had an old laptop I kept back that had my account on it that was unlocked. All I had to do was boot from the laptop with the unlocked account which would unlock the other laptop.
I gave up convincing them it was an issue. I left and later discovered someone else pointed it out. They finally listened and discovered they made the laptops overall the server instead of the other way round.