There seems to be a bit of publicity about issues surrounding the encryption of laptop data present.
Is this something that we should be applying to teacher's laptops if they are taken out of school?
If so, is there a way of encrypting data using native Windows tools or does it require third party software?
I don't know much about it but presumably the principle is to store the data in such a way that if the laptop is stolen, the contents of the hard drive cannot be retrieved and read?
So long as you are running XP Pro on the stations you could use NTFS EFS (Encrypted File System) to secure the files as it is integrated into Windows. There is almost defiantly an automated way to do it to.
You can check this by comparing a machine which has had the policy applied via GPO with one you've done manually through the GUI. The latter will show your filenames in green in Explorer, the other won't. I went to great lengths to check that the files were definitely not encrypted.
Thank you Microsoft. I wasted about a day on that little gem!
EDIT: Vista laptops have bitlocker of course, which probably works as advertised.
And he's a guide, for anyone searching for one on the forums in the future.Vista laptops have bitlocker of course, which probably works as advertised
The only problem with bitlocker at the moment is that it will only encrypt the system partition. If you have a setup with a C: and D: where users hold there info on the D then only C will be encrypted. This is hopefully going to be fixed in SP1 for Vista
The other thing with bitlocker is that you have to extend the AD schema so that it can handle the users keys so that if ever the use was to forget there password there is a way to recover from this.
You have to extend the AD schema anyway for the Wireless/Wired networking enhancements.
I think that Microsoft use D: to refer to the bootable (and hence unencrypted) partition, which then "unlocks" the system partition to run Windows in their vanilla configuration - hence the confusion.
Obviously, if you don't encrypt the system partition, you should redirect your pagefile, temp etc. to the encrypted drive, so that data doesn't leak unexpectedly!
Oh, and if you work for HMRC, don't forget to stick a post-it on the back of your keyboard with the password on it
There are currently 1 users browsing this thread. (0 members and 1 guests)