|
Posted by =?Utf-8?B?THBvZmZl?= on June 27, 2008, 4:03 pm
If you were Registered and logged in, you could reply and use other advanced thread options
"Steve Riley [MSFT]" wrote:
> What kind of data loss? Do you mean theft of a laptop? If so, then BitLocker
> is better suited to this, so perhaps you can accelerate your upgrade plans.
>
> Properly configured, EFS can also be used to mitigate this threat, but it's
> more work. Follow the guidance in the Data Encryption Toolkit for Mobile PCs
> (search our web site for it).
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> > Hi,
> > We have more than 10.000 clients and the idea is to migrate to Vista in
> > 2010, so that we can use bitlocker. Meantime management request that we
> > protect the data on our laptops, against data lost and if possible
> > encrypted
> > and without spending money...
> > Therefore I is was thinking to implement EFS but then users should not
> > have
> > the option to decrypt files...
> >
> > Ludo
> >
> >
> > "Steve Riley [MSFT]" wrote:
> >
> >> Daniel is correct. Until you can define which threats you want to
> >> mitigate,
> >> then you really can't design an appropriate encryption process.
> >>
> >> --
> >> Steve Riley
> >> steve.riley@microsoft.com
> >> http://blogs.technet.com/steriley
> >> http://www.protectyourwindowsnetwork.com
> >>
> >>
> >>
> >> > Sorry for asking, but what will they gain from this? If the laptop is
> >> > stolen, are they aware of the fact that unless it's encrypted with
> >> > BitLocker, it's most likely that the content of e:\data will be stolen
> >> > as
> >> > well? Are they using some sort of Smart Cards or other method of
> >> > authentication?
> >> >
> >> > Unless something really sophisticated is going on that we're not aware
> >> > of,
> >> > I'd suggest that you review your requirements, and that you ask a good
> >> > security expert to help you design your security solutions.
> >> >
> >> > --
> >> > Sincerely,
> >> >
> >> > Daniel Petri
> >> > MVP, Senior IT consultant, trainer
> >> > www.petri.co.il
> >> >
> >> >> Hi Steve,
> >> >>
> >> >> I also prefer Bitlocker but if you can convince my management to move
> >> >> on
> >> >> to
> >> >> Vista ...
> >> >> Unless there is Bitlocker version for XP.
> >> >>
> >> >> So what my management is requesting for our laptop users : keep win
> >> >> XP,
> >> >> create a second partition (e:\ drive) and a folder 'data'. (e:\data)
> >> >> Users don't have access to c:\ or to e:\ only to e:\data. So what we
> >> >> want
> >> >> is that if a user put's a file on e:\data it should be encrypted but
> >> >> he
> >> >> should not have the option to decrypt the files on e:\data. We always
> >> >> want
> >> >> to keep the files encrypted.
> >> >>
> >> >> Ludo
> >> >>
> >> >> "Steve Riley [MSFT]" wrote:
> >> >>
> >> >>> Why do you need all users to encrypt all files? What threats are you
> >> >>> trying
> >> >>> to mitigate? Do they use laptops (where encryption is good, and I
> >> >>> prefer
> >> >>> BitLocker for this) or desktops? Tell us more.
> >> >>>
> >> >>> --
> >> >>> Steve Riley
> >> >>> steve.riley@microsoft.com
> >> >>> http://blogs.technet.com/steriley
> >> >>> http://www.protectyourwindowsnetwork.com
> >> >>>
> >> >>>
> >> >>>
> >> >>> > Hi Daniel,
> >> >>> >
> >> >>> > I agree but how can I force my users to encrypt always there files
> >> >>> > ?
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > "Daniel Petri <MVP>" wrote:
> >> >>> >
> >> >>> >> A folder CANNOT be encrypted with EFS. Only files can.
> >> >>> >>
> >> >>> >> In any case, what's the point behind ENCRYPTING something (with
> >> >>> >> EFS
> >> >>> >> in
> >> >>> >> this
> >> >>> >> case), if ANY user can remove the encryption??? Do you see a logic
> >> >>> >> here?
> >> >>> >> I
> >> >>> >> can't. Try doing the same to a FILE and not to a FOLDER, and
> >> >>> >> you'll
> >> >>> >> see
> >> >>> >> that
> >> >>> >> only the original user and the Recovery Agent can decrypt the
> >> >>> >> file.
> >> >>> >>
> >> >>> >> --
> >> >>> >> Sincerely,
> >> >>> >>
> >> >>> >> Daniel Petri
> >> >>> >> MVP, Senior IT consultant, trainer
> >> >>> >> www.petri.co.il
> >> >>> >>
> >> >>> >> > Hi,
> >> >>> >> >
> >> >>> >> > We have the following problem : we created on a partition a
> >> >>> >> > folder
> >> >>> >> > called
> >> >>> >> > data which has been encrypted with EFS. We always want to keep
> >> >>> >> > that
> >> >>> >> > folder
> >> >>> >> > encrypted.
> >> >>> >> > Unfortunaly a user can decrypt that folder via the 'Advanced
> >> >>> >> > Attributes'
> >> >>> >> > button under the folder properties.
> >> >>> >> >
> >> >>> >> > Question : Is there a way that we can disable that 'Advanced
> >> >>> >> > Attributes'
> >> >>> >> > button in such a way that the folder stays encrypted with EFS ?
> >> >>> >> >
> >> >>> >>
> >> >
| 
XML site map