Re: Info regd Hard Disk Encryption required.

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 10/15/03 

Date: Tue, 14 Oct 2003 22:15:32 -0700

There are 3rd party apps that do this, some better than others. I'm not
supposed to endorse any 3rd party products, so I'll recommend doing a web
search for them.
Another similar solution is to run a virtual machine and encrypt its entire
image. EFS can handle that.

EFS doesn't do whole volume encryption yet because we haven't had enough
customer demand for this compared with demand for other possible future
features. 

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Tim" <Tim@NoSpam.com> wrote in message news:bmi2gg$gj1$1@lust.ihug.co.nz...
> I would suggest you review what you want in light of cause / effect.
>
> To encrypt / decrypt the majority of a disc drive at boot time will be
> prohibitive in execution time.
>
> EFS and schemes like it are a viable alternative as the data is stored
> encrypted and only decrypted when the data is read by the authorised user.
> The decryption / encryption is transparent to the authorised user and is
on
> a directory / folder basis.
> Before using EFS, it is essential that the repurcusion of Windows system
> loss will result in loss of data is understood, so a System State backup
> with the proven ability to restore is a pre-requisite at all times.
>
> At least your second requirement is satisfied. You can mark many folders
as
> encrypted if you wish.
>
> An alternative to EFS is the older PGP Disc. I am not too sure if it is
> still available. Do a google search for PGP - the disc enryption option
has
> always been a commercial product.
>
> There are no doubt hardware encryption devices, but don't expect to see
much
> knowledge of them in the user community as they will be low volume, high
> price, and are likely to be export restricted.
>
> For Windows XP -> EFS.
> Otherwise -> PGP Disc.
>
> - Tim
>
>
>
>
>
>
>
> "Badrinath Mohan" <bmohan@NOSPAMuncc.edu> wrote in message
> news:uih$sDpkDHA.1948@TK2MSFTNGP12.phx.gbl...
> > Thanks
> > But the main problem is i have to encrypt the entire hard disk and have
to
> > decrypt it while the system is booting. and the major requirement is the
> > users tolerance must not be affected in any sense. User must be of the
> > impression that its a normal boot.
> >
> > I need to encrypt everthing probably leaving out some system files.
> > I am of the impression that Windows EFS cannot handle things at boot
time.
> >
> > What about defrag APIs ?.Any ideas on this.
> >
> > Expecting replies,
> > Regards
> > Badri
> >
> >
> >
> > "Keith W. McCammon" <km@km.com> wrote in message
> > news:uIhUQ0nkDHA.2404@TK2MSFTNGP12.phx.gbl...
> > > EFS can do this, to a large degree.  If you've already considered this
> and
> > > it is not satisfactory, you'll need to be more specific about what
> you're
> > > after.
> > >
> > > "Badrinath Mohan" <bmohan@NOSPAMuncc.edu> wrote in message
> > > news:O%23xvXlnkDHA.3612@TK2MSFTNGP11.phx.gbl...
> > > > Hi All
> > > > How can any one perform On-the-fly encryption, means the automatic
> > > > encryption of files when they are being saved and automatic
decryption
> > as
> > > > they are accessed.
> > > > I have used AES algorithm and i need to incorporate it to encrypt
hard
> > > > disks. Is it that i should write some driver and include the
> encryption
> > in
> > > > that.
> > > >
> > > > Any sites/Links or sample codes are welcome
> > > >
> > > > Expecting replies.
> > > >
> > > > Thanks and Regards
> > > >
> > > > Badri
> > > >
> > > > -------------
> > > >
> > > > Please remove NoSPAM from my email address to make a personal reply
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: EFS and Biometrics? Other options?
    ... There is no password involved in EFS. ... specified recovery agent and available keys. ... To decrypt the file, the machine must be able to access either the user's ... the private key that corresponds to the public key that was used to encrypt ...
    (Focus-Microsoft)
  • Re: efs and "encryption" overall... help?
    ... To be absolutely sure that an attacker can not access EFS encrypted files ... stronger encryption to encrypt EFS files, not that it would be easy to crack ... Pro that more then one user may be able to decrypt the file if the original ... > first encryption a certificate is created that is used to decrypt those ...
    (microsoft.public.windows.server.networking)
  • RE: Laptop Security - Microsoft EFS
    ... With EFS the keyare unique to the drive. ... EFS to encrypt system files. ... cleartext during a mount attack, but the easiest way for an attacker to gain ... who can also decrypt the respective persons info. ...
    (Security-Basics)
  • RE: EFS rollout using Active Directory
    ... I just have something to add to the Final Thought regarding laptop users: ... You can implement EFS on systems running Windows 2000 and Windows XP ... Stand-alone workstations generate their own public key certificate that you ... encrypt the contents of their files or folders. ...
    (Focus-Microsoft)
  • Re: VS2005 website deployment problems with EFS
    ... It is not WIndows EFS, but it does encrypt. ... publish website or copy website deployment methods without manually ... If I manual decrypt the files then the manual copy the files it is quick as ...
    (microsoft.public.dotnet.framework.aspnet)
Loading