+ Post New Thread
Results 1 to 8 of 8
Windows Thread, Encrypting Laptop Data in Technical; There seems to be a bit of publicity about issues surrounding the encryption of laptop data present. Is this something ...
  1. #1

    Join Date
    Sep 2007
    Posts
    181
    Thank Post
    4
    Thanked 2 Times in 2 Posts
    Rep Power
    14

    Encrypting Laptop Data

    There seems to be a bit of publicity about issues surrounding the encryption of laptop data present.

    Is this something that we should be applying to teacher's laptops if they are taken out of school?

    If so, is there a way of encrypting data using native Windows tools or does it require third party software?

    I don't know much about it but presumably the principle is to store the data in such a way that if the laptop is stolen, the contents of the hard drive cannot be retrieved and read?

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,076
    Thank Post
    853
    Thanked 2,676 Times in 2,270 Posts
    Blog Entries
    9
    Rep Power
    769
    So long as you are running XP Pro on the stations you could use NTFS EFS (Encrypted File System) to secure the files as it is integrated into Windows. There is almost defiantly an automated way to do it to.

  4. #4
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33
    Quote Originally Posted by SYNACK View Post
    So long as you are running XP Pro on the stations you could use NTFS EFS (Encrypted File System) to secure the files as it is integrated into Windows. There is almost defiantly an automated way to do it to.
    The automated way of doing it via group policy doesn't actually work. It gives the impression of having applied the policy, but all it actually does is disables the GUI controls when logged on locally.

    You can check this by comparing a machine which has had the policy applied via GPO with one you've done manually through the GUI. The latter will show your filenames in green in Explorer, the other won't. I went to great lengths to check that the files were definitely not encrypted.

    Thank you Microsoft. I wasted about a day on that little gem!

    EDIT: Vista laptops have bitlocker of course, which probably works as advertised.

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Vista laptops have bitlocker of course, which probably works as advertised
    And he's a guide, for anyone searching for one on the forums in the future.

    http://www.windowsecurity.com/articl...ker-Part1.html

  6. #6

    Join Date
    Jan 2008
    Posts
    12
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The only problem with bitlocker at the moment is that it will only encrypt the system partition. If you have a setup with a C: and D: where users hold there info on the D then only C will be encrypted. This is hopefully going to be fixed in SP1 for Vista

    The other thing with bitlocker is that you have to extend the AD schema so that it can handle the users keys so that if ever the use was to forget there password there is a way to recover from this.

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    You have to extend the AD schema anyway for the Wireless/Wired networking enhancements.

  8. #8

    Join Date
    Sep 2006
    Location
    West Midlands
    Posts
    410
    Thank Post
    73
    Thanked 75 Times in 58 Posts
    Rep Power
    43
    Quote Originally Posted by Niraj View Post
    The only problem with bitlocker at the moment is that it will only encrypt the system partition. If you have a setup with a C: and D: where users hold there info on the D then only C will be encrypted.
    That seems to be the official Microsoft line, but we have successfully encrypted just the D: drive (used for data) and left the C: drive (for the O/S) un-encrypted.

    I think that Microsoft use D: to refer to the bootable (and hence unencrypted) partition, which then "unlocks" the system partition to run Windows in their vanilla configuration - hence the confusion.

    Obviously, if you don't encrypt the system partition, you should redirect your pagefile, temp etc. to the encrypted drive, so that data doesn't leak unexpectedly!

    Oh, and if you work for HMRC, don't forget to stick a post-it on the back of your keyboard with the password on it

    mb

SHARE:
+ Post New Thread

Similar Threads

  1. Programatic data extraction from SIMS.net Data Base
    By NetworkGeezer in forum MIS Systems
    Replies: 108
    Last Post: 16th February 2010, 09:22 PM
  2. Backing up staff laptop data
    By User3204 in forum Windows
    Replies: 21
    Last Post: 14th May 2008, 11:43 AM
  3. USB data pens?
    By Ravening_Wolf in forum Thin Client and Virtual Machines
    Replies: 7
    Last Post: 19th March 2008, 12:25 PM
  4. Replies: 2
    Last Post: 2nd May 2006, 10:42 AM
  5. Replies: 2
    Last Post: 3rd February 2006, 10:01 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •