Re: Advanced Atrributes Tab under folder properties

Hi,
We have more than 10.000 clients and the idea is to migrate to Vista in
2010, so that we can use bitlocker. Meantime management request that we
protect the data on our laptops, against data lost and if possible encrypted
and without spending money...
Therefore I is was thinking to implement EFS but then users should not have
the option to decrypt files...

Ludo


"Steve Riley [MSFT]" wrote:

Daniel is correct. Until you can define which threats you want to mitigate,
then you really can't design an appropriate encryption process.

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Daniel Petri <MVP>" <daniel@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F21C3892-A865-461D-86F8-14834B16851A@xxxxxxxxxxxxxxxx
Sorry for asking, but what will they gain from this? If the laptop is
stolen, are they aware of the fact that unless it's encrypted with
BitLocker, it's most likely that the content of e:\data will be stolen as
well? Are they using some sort of Smart Cards or other method of
authentication?

Unless something really sophisticated is going on that we're not aware of,
I'd suggest that you review your requirements, and that you ask a good
security expert to help you design your security solutions.

--
Sincerely,

Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il

"Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:866D7408-6E0B-455B-8260-34903D82811D@xxxxxxxxxxxxxxxx
Hi Steve,

I also prefer Bitlocker but if you can convince my management to move on
to
Vista ...
Unless there is Bitlocker version for XP.

So what my management is requesting for our laptop users : keep win XP,
create a second partition (e:\ drive) and a folder 'data'. (e:\data)
Users don't have access to c:\ or to e:\ only to e:\data. So what we
want
is that if a user put's a file on e:\data it should be encrypted but he
should not have the option to decrypt the files on e:\data. We always
want
to keep the files encrypted.

Ludo

"Steve Riley [MSFT]" wrote:

Why do you need all users to encrypt all files? What threats are you
trying
to mitigate? Do they use laptops (where encryption is good, and I prefer
BitLocker for this) or desktops? Tell us more.

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A1F6E244-C950-4590-87F6-5CA59F94BA04@xxxxxxxxxxxxxxxx
Hi Daniel,

I agree but how can I force my users to encrypt always there files ?



"Daniel Petri <MVP>" wrote:

A folder CANNOT be encrypted with EFS. Only files can.

In any case, what's the point behind ENCRYPTING something (with EFS
in
this
case), if ANY user can remove the encryption??? Do you see a logic
here?
I
can't. Try doing the same to a FILE and not to a FOLDER, and you'll
see
that
only the original user and the Recovery Agent can decrypt the file.

--
Sincerely,

Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il

"Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5514CAD3-54B8-472A-A688-7546000ACBD4@xxxxxxxxxxxxxxxx
Hi,

We have the following problem : we created on a partition a folder
called
data which has been encrypted with EFS. We always want to keep
that
folder
encrypted.
Unfortunaly a user can decrypt that folder via the 'Advanced
Attributes'
button under the folder properties.

Question : Is there a way that we can disable that 'Advanced
Attributes'
button in such a way that the folder stays encrypted with EFS ?



.

Quantcast