Warning: iconv_mime_decode() [function.iconv-mime-decode]: Malformed string in /home/secureg/public_html/lib/standard.lib.php on line 2251
EFS with OST/PST files

EFS with OST/PST files

Secure Home | Search | About

Lost Password?

Microsoft Applications Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

EFS with OST/PST files

Mark

12-11-2006

Re: EFS with OST/PST files

S. Pidgorny

12-12-2006

Re: EFS with OST/PST files

Mar

12-12-2006

Re: EFS with OST/PST files

S. Pidgorny

12-13-2006

Re: EFS with OST/PST files

Mar

12-13-2006

Re: EFS with OST/PST files

S. Pidgorny

12-14-2006

Re: EFS with OST/PST files

12-17-2006

Re: EFS with OST/PST files

S. Pidgorny

12-18-2006

Re: EFS with OST/PST files

zlatan24

08-01-2007

Posted by =?Utf-8?B?TWFyaw==?= on December 11, 2006, 6:37 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Are there any issues with using Microsoft EFS to encrypt OST and PST files?

Thanks in advanced for your assistance,
Mark

Posted by S. Pidgorny on December 12, 2006, 3:05 am

If you were Registered and logged in, you could reply and use other advanced thread options

Yep. "Compressible" encryption is known to be weak as useless:

The default security setting is the Compressible Encryption option. Use the
Compressible Encryption option if disk space is more important than
security. If security is more important that disk space, use the High
Encryption option, and then select a password for your .pst file.

Source: http://support.microsoft.com/?id=829971

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

> Are there any issues with using Microsoft EFS to encrypt OST and PST

> files?

> Thanks in advanced for your assistance,

> Mark

Posted by =?Utf-8?B?TWFyaw==?= on December 12, 2006, 6:56 am

If you were Registered and logged in, you could reply and use other advanced thread options

Thanks for the response. I understand the different encryption levels within
Outlook PST's as the KB article states. However our company requires that
all sensitive data be encrypted. We have implemented Microsoft’s EFS and
would like to use EFS to encrypt both the PST and OST files. My question:
Are there any known issues in using EFS to Encrypt OST and PST files?

Thanks,
Mark

"S. Pidgorny <MVP>" wrote:

> Yep. "Compressible" encryption is known to be weak as useless:

> The default security setting is the Compressible Encryption option. Use the

> Compressible Encryption option if disk space is more important than

> security. If security is more important that disk space, use the High

> Encryption option, and then select a password for your .pst file.

> Source: http://support.microsoft.com/?id=829971

> --

> Svyatoslav Pidgorny, MS MVP - Security, MCSE

> -= F1 is the key =-

> > Are there any issues with using Microsoft EFS to encrypt OST and PST

> > files?

> >

> > Thanks in advanced for your assistance,

> > Mark

> >

Posted by S. Pidgorny on December 13, 2006, 6:28 am

If you were Registered and logged in, you could reply and use other advanced thread options

Yep. Place the files on a network drive that can be made available offline
(like My Documents in most enterprise deployments), XP will use system EFS
key (and not the user's key) to encrypt offline files cache. Unless you
protect that with syskey startup password or disc, or use full disc
encryption, that protection is as good as none.

I'd like to stress the point that there is only one level of encryption of
PST that is real protection (and it's not default).

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

> Thanks for the response. I understand the different encryption levels

> within

> Outlook PST's as the KB article states. However our company requires that

> all sensitive data be encrypted. We have implemented Microsoft's EFS and

> would like to use EFS to encrypt both the PST and OST files. My question:

> Are there any known issues in using EFS to Encrypt OST and PST files?

> Thanks,

> Mark

> "S. Pidgorny <MVP>" wrote:

>> Yep. "Compressible" encryption is known to be weak as useless:

>> The default security setting is the Compressible Encryption option. Use

>> the

>> Compressible Encryption option if disk space is more important than

>> security. If security is more important that disk space, use the High

>> Encryption option, and then select a password for your .pst file.

>> Source: http://support.microsoft.com/?id=829971

>> --

>> Svyatoslav Pidgorny, MS MVP - Security, MCSE

>> -= F1 is the key =-

>> > Are there any issues with using Microsoft EFS to encrypt OST and PST

>> > files?

>> >

>> > Thanks in advanced for your assistance,

>> > Mark

>> >

Posted by =?Utf-8?B?TWFyaw==?= on December 13, 2006, 4:09 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Let me clarify, you are saying there are confirmed issues with encrypting
OST/PST’s with EFS correct?
As for your suggestion for placing PST’s on the network drives, Microsoft
doesn’t support Syncing PST’s using Offline files out of the box. We have
circumvented this on a few machines as a test and while, they did sync we had
people with extremely long syncs because PST’s tend to grow upwards of
several gigs. Plus using this practice still leaves the OST on the machine
and vulnerable.
Our best strategy is to encrypt the PST/OST’s if possible.

Thanks,
Mark

"S. Pidgorny <MVP>" wrote:

> Yep. Place the files on a network drive that can be made available offline

> (like My Documents in most enterprise deployments), XP will use system EFS

> key (and not the user's key) to encrypt offline files cache. Unless you

> protect that with syskey startup password or disc, or use full disc

> encryption, that protection is as good as none.

> I'd like to stress the point that there is only one level of encryption of

> PST that is real protection (and it's not default).

> --

> Svyatoslav Pidgorny, MS MVP - Security, MCSE

> -= F1 is the key =-

> > Thanks for the response. I understand the different encryption levels

> > within

> > Outlook PST's as the KB article states. However our company requires that

> > all sensitive data be encrypted. We have implemented Microsoft's EFS and

> > would like to use EFS to encrypt both the PST and OST files. My question:

> > Are there any known issues in using EFS to Encrypt OST and PST files?

> >

> > Thanks,

> > Mark

> >

> > "S. Pidgorny <MVP>" wrote:

> >

> >> Yep. "Compressible" encryption is known to be weak as useless:

> >>

> >> The default security setting is the Compressible Encryption option. Use

> >> the

> >> Compressible Encryption option if disk space is more important than

> >> security. If security is more important that disk space, use the High

> >> Encryption option, and then select a password for your .pst file.

> >>

> >> Source: http://support.microsoft.com/?id=829971

> >>

> >> --

> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE

> >> -= F1 is the key =-

> >>

> >> > Are there any issues with using Microsoft EFS to encrypt OST and PST

> >> > files?

> >> >

> >> > Thanks in advanced for your assistance,

> >> > Mark

> >> >

> >>

Similar Threads	Posted
What creates these files?	September 22, 2005, 3:36 am
HttpHandler for asp files	November 17, 2005, 2:06 pm
Recovering EFS Files	December 14, 2005, 10:09 am
security and chm files	April 6, 2006, 12:44 pm
ownership of files	April 20, 2006, 7:00 am
recover EFS files from old PC	April 23, 2006, 8:59 pm
Mysterious Files?	October 26, 2006, 3:54 pm
locking files	November 3, 2006, 9:00 pm
files on ur web directory	November 14, 2006, 12:53 pm
What are Host files?	September 23, 2007, 6:11 pm

The site map in XML format XML site map