+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 27
Windows Thread, Students using encrytion in Technical; Hello folks. I'm after some advice really. Our head of ICT wants students to be able to encrypt files and ...
  1. #1
    Wildebeaste's Avatar
    Join Date
    Oct 2006
    Location
    Nottinghamshire
    Posts
    64
    Thank Post
    12
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Students using encrytion

    Hello folks.

    I'm after some advice really.

    Our head of ICT wants students to be able to encrypt files and folders on the school network. I think this is a **very** bad idea, as I absolutely don't want 'little Jonny' to be able to stash away his dodgy file collection on my servers.

    At the moment I've said a big NO to this, that I (Network Manager) need to be able to access all the files on the network, i.e. have copies of any passwords or keys or be able to gain access. But he seems to think that they will fail their course without showing evidence of this.

    How have others managed to deal with this thorny problem?

    Advice gratefully received.

    Ta.

  2. #2
    MGSTech's Avatar
    Join Date
    Jul 2007
    Posts
    364
    Thank Post
    13
    Thanked 96 Times in 55 Posts
    Rep Power
    40
    Not a lot of help But I'm with you on this one!

    So little Johnny stores his MP3, doggy JPG's etc in an encrypted file that nobody can access eh?
    Absolutly not!

    Steve

  3. #3

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,459
    Thank Post
    408
    Thanked 672 Times in 614 Posts
    Rep Power
    192
    But he seems to think that they will fail their course without showing evidence of this.
    How about having a standalone machine which they can use for this purpose?

  4. #4
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    63
    I would ask to see where it says that they have to encrypt files, he may have just misunderstood what has been asked of him!

    I personally cannot see how they can request files and folders be encrypted, what type of encryption method should be used, how do you prove the file is indeed encrypted, where is the evidence.

    It's non workable

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Umm, if they use the built in Windows EFS encryption and you have your domain setup right then the Administrator account or another account that you specify has rights to decrypt any encrypted files created by EFS as this account is also given an encryption key. This should satisfy their course requirements as they are using encryption of the same kind that would be used in an enterprise setting. It also follows the same rules as an enterprise setting where the administrator has the power to override the lockouts if it is nessisary for the best interests of the company, ie employee leaves, legal stuff etc.

  6. Thanks to SYNACK from:

    Wildebeaste (5th September 2008)

  7. #6


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,715
    Thank Post
    288
    Thanked 789 Times in 616 Posts
    Rep Power
    226
    Isn't this more a case of they need to make a presentation / publisher document where they show (screen-shotted) the process of them encrypting a file for their coursework, rather than actually needing to encrypt something?

  8. #7
    Wildebeaste's Avatar
    Join Date
    Oct 2006
    Location
    Nottinghamshire
    Posts
    64
    Thank Post
    12
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the replies so far.

    Domain EFS, PKI stores, Certificate authorities. That sounds like a lot of work!

    Can anyone recommend a book or website (I'll try Microsoft in a moment) which goes into these topics?

    Can the password option in Word/Office be turned off?

    Muchas gracias!

  9. #8
    Heebeejeebee's Avatar
    Join Date
    Nov 2006
    Location
    Intergalactic Cruise
    Posts
    1,067
    Thank Post
    69
    Thanked 81 Times in 64 Posts
    Rep Power
    36
    Some backup programs used to have difficulty with encrypted files. Not sure on the state of play with EFS though.

    HBJB

  10. #9
    somabc's Avatar
    Join Date
    Oct 2007
    Location
    London
    Posts
    2,337
    Thank Post
    83
    Thanked 388 Times in 258 Posts
    Rep Power
    112
    Why should students not be allowed to encrypt their files if they so choose. There is nothing you can do to stop them.

    If a student uses strong encryption such as truecrypt at home and brings in files for example. You will not be able to open them. The most you could do is try and delete them but then you have the problem of hidden drives / partitions and stenography. Basically there is nothing you can do and it is not your responsibility. If they are doing anything illegal it will be a police matter.
    Last edited by somabc; 5th September 2008 at 03:46 PM.

  11. #10


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    I second the idea of a standalone PC or PCs which are NOT network connected and contain a bunch of files and a bunch of crypto tools.

    Could network connect the machine as long as you take steps to prevent the files entering or leaving. you definitely don't want encrypted files on your net, it could be anything in there.

  12. #11

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    I think this is a bad idea too. Aren't NTFS permissions enough?

  13. #12

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by Wildebeaste View Post
    Thanks for the replies so far.

    Domain EFS, PKI stores, Certificate authorities. That sounds like a lot of work!

    Can anyone recommend a book or website (I'll try Microsoft in a moment) which goes into these topics?

    Can the password option in Word/Office be turned off?

    Muchas gracias!
    Here are some sites that may help in understanding the workings of EFS:
    Encrypting File System - Wikipedia, the free encyclopedia
    http://www.microsoft.com/technet/pro....mspx?mfr=true
    Microsoft Corporation
    Microsoft Corporation
    Encrypting File System (EFS) &middot Tutorial 2000Trainers.com

    You should be able to turn off the password protected save mode by using the group policy ADM extensions for your version of Office (2007 or 2003)

    Quote Originally Posted by Michael
    I think this is a bad idea too. Aren't NTFS permissions enough?
    NTFS permissions are stupidly easy to either take ownership of or simply ignore in most situations if you can get access to the files via an OS which you control. When it comes to file security it is like using a padlock, it will only keep out the honest people, the ones who are out to get the data will find ways around it easily.
    Last edited by SYNACK; 5th September 2008 at 04:06 PM.

  14. Thanks to SYNACK from:

    Wildebeaste (5th September 2008)

  15. #13

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    We had a one last year.... "The pupils need to access hotmail for their coursework"

    Hotmail, along with 90% of MSN features are blocked. Everyone knows, full stop.

  16. #14

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    4,035
    Thank Post
    1,262
    Thanked 1,107 Times in 785 Posts
    Rep Power
    338
    I am sorry but the criteria is to create a document which is password protected, we have been doing this for a couple of years.

    I would say a big no to students having encrypted files on the network.

  17. #15
    Wildebeaste's Avatar
    Join Date
    Oct 2006
    Location
    Nottinghamshire
    Posts
    64
    Thank Post
    12
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by somabc View Post
    Why should students not be allowed to encrypt their files if they so choose. There is nothing you can do to stop them.

    If a student uses strong encryption such as truecrypt at home and brings in files for example. You will not be able to open them. The most you could do is try and delete them but then you have the problem of hidden drives / partitions and stenography. Basically there is nothing you can do and it is not your responsibility. If they are doing anything illegal it will be a police matter.
    As a Network Manager or responsible person, it is part of the job to know what is being stored on your network (as far as reasonably practicable) as it can impinge on you. Students can encrypt whatever they like on their own computers, but they will NOT do whatever they like on the school network.

    If I cannot get into a folder or file, then they won't because it will quickly be an ex-file.



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. When students get you down...
    By russdev in forum General Chat
    Replies: 8
    Last Post: 21st May 2007, 09:07 AM
  2. Replies: 32
    Last Post: 25th July 2005, 08:17 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •