Re: Encrypting Folders: Which ones?
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 13:56:29 -0500
Just to add I don't see how you can configure EFS via an image since the
user you logon with to create the base image will not be the user that uses
the computer. EFS uses PKI which complicates such setup. You might be able
to use a Group Policy logon script using the cipher /E command for when the
actual user logs onto the computer to configure encryption on designated
folders.
Steve
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:dYudnZyW5ZRjzXbZnZ2dnUVZ_tqdnZ2d@xxxxxxxxxxxxxx
If you have not seen it yet the white paper at the first link below would
be a good read and it contains many links at the end of the article. A
common problem with EFS or other encryption programs is lack of access to
the encrypted files for the authorized users that can happen if the EFS
private keys are deleted or corrupted so you want to make SURE you have a
plan to minimize such problems such as using a Recovery Agent.
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices
I would not suggest that you encrypt the whole documents and settings
folder or entire user's profile folder but instead encrypt only the
folders containing sensitive data. Your problem is probably a result of
the user's EFS private key being stored in the user's profile which you
are trying to encrypt. In particular they are stored in the user's profile
in the application data\Microsoft\RSA folder. The \Windows folder should
also not be encrypted as it contains system files. You may also want to
post in the Microsoft.public.security.crypto newsgroup.
Steve
"a144mb" <a144mb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:32990BC6-C368-4944-98F0-1D8729C8A6FB@xxxxxxxxxxxxxxxx
Because of the recent government laptop thefts, I'm trying to encrypt
folders
on my (C:) Drive. I have about 150 Dell D-Series Laptops and ALL transfer
some form of Credit Card data 8 - 10 times a month. Obviously, I have to
create a base image to image so many laptops. The laptops run WinXP, SP2;
Office 2003, SP2, Symantec 10 and Windows Defender. Well on my base image
(clean install), elected to encrypt the "C:\WINDOWS" folder, "Documents &
Settings" folder, and the "Programs" folder. After I restarted, all of
the
icons on the desktop applications icons AND the Programs Menu icons were
blank and nonfunctional. I then proceeded to remove the encryption from
all
three folders but the desktop application icons and Program Menu icons
remained nonfunctional. If I drilled down into the Programs Folder on the
hard drive to access the applications, they launched normally! Yes, I
could
replace the desktop's application icons with the original because the
desktop
icons are just shortcuts as we all know. But ALL of the Program menu
icons
are nonfunctional. For instance, if I go to 'Accessories > System
Restore',
System Restore is not fuctional...it too is blank. What could cause this
and
what is a viable solution? Which folder or files should I encrypt? Thanks
in
advance!
.
- References:
- Re: Encrypting Folders: Which ones?
- From: Steven L Umbach
- Re: Encrypting Folders: Which ones?
- Prev by Date: Re: Encrypting Folders: Which ones?
- Next by Date: Fingerprint logins.
- Previous by thread: Re: Encrypting Folders: Which ones?
- Next by thread: Re: Encrypting Folders: Which ones?
- Index(es):
Relevant Pages
|
