RE: Whole disk encryption



I agree with Erik.

In the Windows 2003 Server/XP Pro SP2 environment encrypting the users "My
Documents" is quite efficient. Getting the Recovery Agent Data Encryption
key is easy once you've got all the steps down. Microsoft offers several
good TechNet articles on how to set it up.

John

-----Original Message-----
From: Erik Anderson [mailto:eanders@xxxxxxxxx]
Sent: Thursday, August 24, 2006 11:07 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Whole disk encryption

-----Original Message-----
From: Sarah [mailto:sfelske@xxxxxxxx]
Sent: Thursday, August 24, 2006 11:48 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Whole disk encryption



What is the consensus of the group on the use of whole disk encryption in
an enterprise environment?

Why? You only need to protect the data not the whole OS. It causes too many
problems. I don't recommend creating a headache for yourself when you only
need to protect some data.

I recommend creating an encrypted partition and mounting an encrypted file
system on that partition.

In addition there are plenty of 3rd party software packages out there that
have encrypted filter drivers or will allow you to create an encrypted
virtual disk. You use that disk just as any secondary disk. The encryption
becomes transparent to you.

Make sure to backup the keys somewhere or you will permanently loose
everything if something happens to the key.

Erik Anderson


---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------