Re: Advanced Atrributes Tab under folder properties



Daniel is correct. Until you can define which threats you want to mitigate, then you really can't design an appropriate encryption process.

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Daniel Petri <MVP>" <daniel@xxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F21C3892-A865-461D-86F8-14834B16851A@xxxxxxxxxxxxxxxx
Sorry for asking, but what will they gain from this? If the laptop is stolen, are they aware of the fact that unless it's encrypted with BitLocker, it's most likely that the content of e:\data will be stolen as well? Are they using some sort of Smart Cards or other method of authentication?

Unless something really sophisticated is going on that we're not aware of, I'd suggest that you review your requirements, and that you ask a good security expert to help you design your security solutions.

--
Sincerely,

Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il

"Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:866D7408-6E0B-455B-8260-34903D82811D@xxxxxxxxxxxxxxxx
Hi Steve,

I also prefer Bitlocker but if you can convince my management to move on to
Vista ...
Unless there is Bitlocker version for XP.

So what my management is requesting for our laptop users : keep win XP,
create a second partition (e:\ drive) and a folder 'data'. (e:\data)
Users don't have access to c:\ or to e:\ only to e:\data. So what we want
is that if a user put's a file on e:\data it should be encrypted but he
should not have the option to decrypt the files on e:\data. We always want
to keep the files encrypted.

Ludo

"Steve Riley [MSFT]" wrote:

Why do you need all users to encrypt all files? What threats are you trying
to mitigate? Do they use laptops (where encryption is good, and I prefer
BitLocker for this) or desktops? Tell us more.

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A1F6E244-C950-4590-87F6-5CA59F94BA04@xxxxxxxxxxxxxxxx
> Hi Daniel,
>
> I agree but how can I force my users to encrypt always there files ?
>
>
>
> "Daniel Petri <MVP>" wrote:
>
>> A folder CANNOT be encrypted with EFS. Only files can.
>>
>> In any case, what's the point behind ENCRYPTING something (with EFS >> in
>> this
>> case), if ANY user can remove the encryption??? Do you see a logic >> here?
>> I
>> can't. Try doing the same to a FILE and not to a FOLDER, and you'll >> see
>> that
>> only the original user and the Recovery Agent can decrypt the file.
>>
>> -- >> Sincerely,
>>
>> Daniel Petri
>> MVP, Senior IT consultant, trainer
>> www.petri.co.il
>>
>> "Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:5514CAD3-54B8-472A-A688-7546000ACBD4@xxxxxxxxxxxxxxxx
>> > Hi,
>> >
>> > We have the following problem : we created on a partition a folder
>> > called
>> > data which has been encrypted with EFS. We always want to keep >> > that
>> > folder
>> > encrypted.
>> > Unfortunaly a user can decrypt that folder via the 'Advanced
>> > Attributes'
>> > button under the folder properties.
>> >
>> > Question : Is there a way that we can disable that 'Advanced
>> > Attributes'
>> > button in such a way that the folder stays encrypted with EFS ?
>> >
>>

.



Relevant Pages

  • Re: Serious EFS Issue
    ... user's information it copied her Documents and Settings to the 2003 server. ... I am also using folder redirection with her My Documents folder, ... where I am having issues with her data encryption. ... > for use with EFS (use the account to look in the Certificates ...
    (microsoft.public.windows.server.security)
  • Re: Using EFS for laptops in a domain
    ... Another good place to post EFS ... But the real test is dragging an encrypted file into the folder. ... when I drag it to the correct spot on the server, ... I don't want to disable encryption on the server, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Microsoft EFS
    ... Few questions on EFS. ... You can copy the folder regardless of the file system. ... keys that were used for the initial encryption, ... decrypt is tied to my password) when I change my password. ...
    (microsoft.public.security)
  • Re: Using EFS for laptops in a domain
    ... the folder. ... EFS and had not found anything. ... I'll give the folder disabling a try and ... I don't want to disable encryption on the server, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: win xp
    ... Changing user accounts and passwords is not the real issue. ... Formatting over the only Encryption key is insurmountable. ... EFS is a great tool, however like dynamite, needs to be used ... >>> tab and put a check in the Make this Folder Private ...
    (microsoft.public.windowsxp.security_admin)