Encrypting Laptop Data

AnnDroyd · February 1, 2008

There seems to be a bit of publicity about issues surrounding the encryption of laptop data present.

Is this something that we should be applying to teacher's laptops if they are taken out of school?

If so, is there a way of encrypting data using native Windows tools or does it require third party software?

I don't know much about it but presumably the principle is to store the data in such a way that if the laptop is stolen, the contents of the hard drive cannot be retrieved and read?

plexer · February 1, 2008

How about:

http://edugeek.net/forums/showthread.php?t=14759

&

http://edugeek.net/forums/showthread.php?t=14667

May be some info in there for you.

Ben

SYNACK · February 1, 2008

So long as you are running XP Pro on the stations you could use NTFS EFS (Encrypted File System) to secure the files as it is integrated into Windows. There is almost defiantly an automated way to do it to.

sahmeepee · February 1, 2008

So long as you are running XP Pro on the stations you could use NTFS EFS (Encrypted File System) to secure the files as it is integrated into Windows. There is almost defiantly an automated way to do it to.

The automated way of doing it via group policy doesn't actually work. It gives the impression of having applied the policy, but all it actually does is disables the GUI controls when logged on locally.

You can check this by comparing a machine which has had the policy applied via GPO with one you've done manually through the GUI. The latter will show your filenames in green in Explorer, the other won't. I went to great lengths to check that the files were definitely not encrypted.

Thank you Microsoft. I wasted about a day on that little gem!

EDIT: Vista laptops have bitlocker of course, which probably works as advertised.

Geoff · February 1, 2008

Vista laptops have bitlocker of course, which probably works as advertised

And he's a guide, for anyone searching for one on the forums in the future.

http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part1.html

Niraj · February 1, 2008

The only problem with bitlocker at the moment is that it will only encrypt the system partition. If you have a setup with a C: and D: where users hold there info on the D then only C will be encrypted. This is hopefully going to be fixed in SP1 for Vista

The other thing with bitlocker is that you have to extend the AD schema so that it can handle the users keys so that if ever the use was to forget there password there is a way to recover from this.

Geoff · February 1, 2008

You have to extend the AD schema anyway for the Wireless/Wired networking enhancements.

Martin · February 1, 2008

The only problem with bitlocker at the moment is that it will only encrypt the system partition. If you have a setup with a C: and D: where users hold there info on the D then only C will be encrypted.

That seems to be the official Microsoft line, but we have successfully encrypted just the D: drive (used for data) and left the C: drive (for the O/S) un-encrypted.

I think that Microsoft use D: to refer to the bootable (and hence unencrypted) partition, which then "unlocks" the system partition to run Windows in their vanilla configuration - hence the confusion.

Obviously, if you don't encrypt the system partition, you should redirect your pagefile, temp etc. to the encrypted drive, so that data doesn't leak unexpectedly!

Oh, and if you work for HMRC, don't forget to stick a post-it on the back of your keyboard with the password on it

mb

Sign In

Encrypting Laptop Data

Recommended Posts

AnnDroyd

plexer

SYNACK

sahmeepee

Geoff

Niraj

Geoff

Martin

Create an account or sign in to comment

Create an account

Sign in

Recent Threads

Frame of Preference [A history of Mac settings (1984-2004) - includes emulators]

SLT AI

Bromcom - Attendance Live Feed Screen/Dashboard

46 When would you like EduGeek EDIT 2025 to be held?

1. Select a time period you can attend

Home

Forums

What's New