+ Post New Thread
Results 1 to 4 of 4
Windows Thread, EFS encryption of XP offline files in Technical; As a interim measure before replacing our staff laptops with windows 7 and bit locker, I am looking for a ...
  1. #1
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    542
    Thank Post
    183
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    49

    EFS encryption of XP offline files

    As a interim measure before replacing our staff laptops with windows 7 and bit locker, I am looking for a very quick fix for a small number of laptops which are taken off site.

    Our my documents folder is redirected, and Off line files used to provide access to this when working with a cached account off net.

    If I enable the GPO option to encrypt the off line files cache, are there any issues if the user does not regularly sync the machine/changes their password etc?

    From what I can see for domain member workstations the domain administrator account should also have recovery rights to the off line files cache.

    Have I got this right?

    (I realise this is a very weak security measure, and files saved in the wrong place would not be encrypted, just need to put some form of fix in place while we look at the budget and workload!)

    The impact of full disk encryption is likely to make some of these machines un-usable, and anything that extends the "time to desktop" is likely to give major problems.

    Any suggestions?

    Thanks

    Robk

  2. #2

    Join Date
    Feb 2006
    Location
    London
    Posts
    126
    Thank Post
    1
    Thanked 17 Times in 9 Posts
    Rep Power
    20
    Quote Originally Posted by robk View Post
    If I enable the GPO option to encrypt the off line files cache, are there any issues if the user does not regularly sync the machine/changes their password etc?

    From what I can see for domain member workstations the domain administrator account should also have recovery rights to the off line files cache.

    Have I got this right?

    Robk
    For you piece of mind I suggest a search on passwords, encryption and recovery thereof, as I've a vague memory of the ecryption algorythm having somewthing to do with the password hash and a change of password by an administrator ( rather than the user which IIRC re-encrypts them ) may have unwanted effects. I think the logic behind it is that if a file is encrypted and the person wants to change their password it's reasonable that they want to still see the files but if they are sensitive enough to be encrypted then it's unreasonable of them to be able to be read by someone else ( albeit an administrator ) changing the password and having access to them that way.

    Might be best to set up a temp user account and do it with that, to be sure your system does actually behave the way you expect/want it to, just to be sure.

  3. #3
    box_l's Avatar
    Join Date
    May 2007
    Location
    Herefordshire
    Posts
    439
    Thank Post
    79
    Thanked 95 Times in 79 Posts
    Rep Power
    63
    The "Encrypt the Offline Files cache" Group Policy setting does not take effect when a user logs on to a Windows XP-based computer

    You users would have to local admins for this to work correctly, not something we ever allow.

    truecrypt full disk encryption does not slow "time to desktop" that much, and you know they a fully secure.

    HTH

    BoX

  4. #4
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    542
    Thank Post
    183
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    49
    Quote Originally Posted by box_l View Post
    The "Encrypt the Offline Files cache" Group Policy setting does not take effect when a user logs on to a Windows XP-based computer

    You users would have to local admins for this to work correctly, not something we ever allow.
    Doh! Yes that blows that idea out of the water.

    Thanks for confirming that.

    Robk



SHARE:
+ Post New Thread

Similar Threads

  1. Offline Files
    By spider6986 in forum Windows
    Replies: 3
    Last Post: 4th March 2009, 11:14 AM
  2. offline files
    By ICT_GUY in forum Wireless Networks
    Replies: 9
    Last Post: 18th March 2008, 10:11 AM
  3. offline files on but off.
    By Teth in forum Windows
    Replies: 3
    Last Post: 13th December 2007, 11:27 PM
  4. offline files
    By browolf in forum Windows
    Replies: 2
    Last Post: 25th July 2007, 11:44 AM
  5. Offline Files
    By woody in forum Windows
    Replies: 2
    Last Post: 9th December 2005, 11:52 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •