Re: Advanced Atrributes Tab under folder properties



What kind of data loss? Do you mean theft of a laptop? If so, then BitLocker is better suited to this, so perhaps you can accelerate your upgrade plans.

Properly configured, EFS can also be used to mitigate this threat, but it's more work. Follow the guidance in the Data Encryption Toolkit for Mobile PCs (search our web site for it).

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A7D84739-425E-4712-9B6B-086EC6F9D773@xxxxxxxxxxxxxxxx
Hi,
We have more than 10.000 clients and the idea is to migrate to Vista in
2010, so that we can use bitlocker. Meantime management request that we
protect the data on our laptops, against data lost and if possible encrypted
and without spending money...
Therefore I is was thinking to implement EFS but then users should not have
the option to decrypt files...

Ludo


"Steve Riley [MSFT]" wrote:

Daniel is correct. Until you can define which threats you want to mitigate,
then you really can't design an appropriate encryption process.

--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Daniel Petri <MVP>" <daniel@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F21C3892-A865-461D-86F8-14834B16851A@xxxxxxxxxxxxxxxx
> Sorry for asking, but what will they gain from this? If the laptop is
> stolen, are they aware of the fact that unless it's encrypted with
> BitLocker, it's most likely that the content of e:\data will be stolen > as
> well? Are they using some sort of Smart Cards or other method of
> authentication?
>
> Unless something really sophisticated is going on that we're not aware > of,
> I'd suggest that you review your requirements, and that you ask a good
> security expert to help you design your security solutions.
>
> -- > Sincerely,
>
> Daniel Petri
> MVP, Senior IT consultant, trainer
> www.petri.co.il
>
> "Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:866D7408-6E0B-455B-8260-34903D82811D@xxxxxxxxxxxxxxxx
>> Hi Steve,
>>
>> I also prefer Bitlocker but if you can convince my management to move >> on
>> to
>> Vista ...
>> Unless there is Bitlocker version for XP.
>>
>> So what my management is requesting for our laptop users : keep win >> XP,
>> create a second partition (e:\ drive) and a folder 'data'. (e:\data)
>> Users don't have access to c:\ or to e:\ only to e:\data. So what we
>> want
>> is that if a user put's a file on e:\data it should be encrypted but >> he
>> should not have the option to decrypt the files on e:\data. We always
>> want
>> to keep the files encrypted.
>>
>> Ludo
>>
>> "Steve Riley [MSFT]" wrote:
>>
>>> Why do you need all users to encrypt all files? What threats are you
>>> trying
>>> to mitigate? Do they use laptops (where encryption is good, and I >>> prefer
>>> BitLocker for this) or desktops? Tell us more.
>>>
>>> -- >>> Steve Riley
>>> steve.riley@xxxxxxxxxxxxx
>>> http://blogs.technet.com/steriley
>>> http://www.protectyourwindowsnetwork.com
>>>
>>>
>>>
>>> "Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:A1F6E244-C950-4590-87F6-5CA59F94BA04@xxxxxxxxxxxxxxxx
>>> > Hi Daniel,
>>> >
>>> > I agree but how can I force my users to encrypt always there files >>> > ?
>>> >
>>> >
>>> >
>>> > "Daniel Petri <MVP>" wrote:
>>> >
>>> >> A folder CANNOT be encrypted with EFS. Only files can.
>>> >>
>>> >> In any case, what's the point behind ENCRYPTING something (with >>> >> EFS
>>> >> in
>>> >> this
>>> >> case), if ANY user can remove the encryption??? Do you see a logic
>>> >> here?
>>> >> I
>>> >> can't. Try doing the same to a FILE and not to a FOLDER, and >>> >> you'll
>>> >> see
>>> >> that
>>> >> only the original user and the Recovery Agent can decrypt the >>> >> file.
>>> >>
>>> >> -- >>> >> Sincerely,
>>> >>
>>> >> Daniel Petri
>>> >> MVP, Senior IT consultant, trainer
>>> >> www.petri.co.il
>>> >>
>>> >> "Lpoffe" <Lpoffe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>> >> news:5514CAD3-54B8-472A-A688-7546000ACBD4@xxxxxxxxxxxxxxxx
>>> >> > Hi,
>>> >> >
>>> >> > We have the following problem : we created on a partition a >>> >> > folder
>>> >> > called
>>> >> > data which has been encrypted with EFS. We always want to keep
>>> >> > that
>>> >> > folder
>>> >> > encrypted.
>>> >> > Unfortunaly a user can decrypt that folder via the 'Advanced
>>> >> > Attributes'
>>> >> > button under the folder properties.
>>> >> >
>>> >> > Question : Is there a way that we can disable that 'Advanced
>>> >> > Attributes'
>>> >> > button in such a way that the folder stays encrypted with EFS ?
>>> >> >
>>> >>
>
.



Relevant Pages

  • Re: Encryption software?
    ... Consider Vista with "Bitlocker" capability. ... Database Developer ... I want to install encryption software on my laptop, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Vista BSOD on shutdown
    ... BitLocker on - I travel with my laptop and it contains very sensitive ... The issue is that it is rare to see a question here that involves encryption that isn't in the form, "how do I recover my encrypted data?". ...
    (microsoft.public.windows.vista.general)
  • Re: encryption with Access on a laptop
    ... Consider using Windows 7 Enterprise Edition, with BitLocker ... WinXP has encryption by a different name. ... thought my laptop was dead (I spilled red wine in the trackpad -- ...
    (microsoft.public.access.security)
  • UPDATE; Encrypted Laptop Poses Legal Dilemma
    ... Encrypted Laptop Poses Legal Dilemma ... stymied by a password-protected encryption program. ... Now Boucher is caught in a cyber-age quandary: ... The government has appealed the ruling. ...
    (alt.true-crime)
  • RE: Need a Full Drive Encryption program
    ... Need a Full Drive Encryption program ... Booting from a linux or other boot disks will defeat most setups, ... Since the BIOS controls the access to the hard drive, upon power-up, the ... > the laptop back to IBM. ...
    (Security-Basics)