Windows Thread, Encrypting Laptop Data in Technical; There seems to be a bit of publicity about issues surrounding the encryption of laptop data present.
Is this something ...
1st February 2008, 11:11 AM #1
- Rep Power
Encrypting Laptop Data
There seems to be a bit of publicity about issues surrounding the encryption of laptop data present.
Is this something that we should be applying to teacher's laptops if they are taken out of school?
If so, is there a way of encrypting data using native Windows tools or does it require third party software?
I don't know much about it but presumably the principle is to store the data in such a way that if the laptop is stolen, the contents of the hard drive cannot be retrieved and read?
1st February 2008, 11:19 AM #2
1st February 2008, 11:24 AM #3
So long as you are running XP Pro on the stations you could use NTFS EFS (Encrypted File System) to secure the files as it is integrated into Windows. There is almost defiantly an automated way to do it to.
1st February 2008, 11:36 AM #4
The automated way of doing it via group policy doesn't actually work. It gives the impression of having applied the policy, but all it actually does is disables the GUI controls when logged on locally.
Originally Posted by SYNACK
You can check this by comparing a machine which has had the policy applied via GPO with one you've done manually through the GUI. The latter will show your filenames in green in Explorer, the other won't. I went to great lengths to check that the files were definitely not encrypted.
Thank you Microsoft. I wasted about a day on that little gem!
EDIT: Vista laptops have bitlocker of course, which probably works as advertised.
1st February 2008, 12:18 PM #5
And he's a guide, for anyone searching for one on the forums in the future.
Vista laptops have bitlocker of course, which probably works as advertised
1st February 2008, 12:39 PM #6
- Rep Power
The only problem with bitlocker at the moment is that it will only encrypt the system partition. If you have a setup with a C: and D: where users hold there info on the D then only C will be encrypted. This is hopefully going to be fixed in SP1 for Vista
The other thing with bitlocker is that you have to extend the AD schema so that it can handle the users keys so that if ever the use was to forget there password there is a way to recover from this.
1st February 2008, 12:59 PM #7
You have to extend the AD schema anyway for the Wireless/Wired networking enhancements.
1st February 2008, 01:57 PM #8
That seems to be the official Microsoft line, but we have successfully encrypted just the D: drive (used for data) and left the C: drive (for the O/S) un-encrypted.
Originally Posted by Niraj
I think that Microsoft use D: to refer to the bootable (and hence unencrypted) partition, which then "unlocks" the system partition to run Windows in their vanilla configuration - hence the confusion.
Obviously, if you don't encrypt the system partition, you should redirect your pagefile, temp etc. to the encrypted drive, so that data doesn't leak unexpectedly!
Oh, and if you work for HMRC, don't forget to stick a post-it on the back of your keyboard with the password on it
By NetworkGeezer in forum MIS Systems
Last Post: 16th February 2010, 10:22 PM
By User3204 in forum Windows
Last Post: 14th May 2008, 12:43 PM
By Ravening_Wolf in forum Thin Client and Virtual Machines
Last Post: 19th March 2008, 01:25 PM
By CM786 in forum MIS Systems
Last Post: 2nd May 2006, 11:42 AM
Last Post: 3rd February 2006, 11:01 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread