
Encrypting File System (EFS)

Status
Not open for further replies.

gbl

MIS
Sep 6, 2001
262
CA
I am interested in the use of encryption for securing Windows 2000. Recently I reviewed the Microsoft Step by Step document at First of all, do most of you find that EFS is a good encryption method?
When do you use it? For notebooks or for other purposes?
My concern with notebooks is whether or not the user should carry the encryption key when using the notebook away from the office. Has anyone had problems with a user not being able to access data after encrypting a file, or do most admins control encryption by setting it up themselves and not letting users implement or modify any encryption technique?
Do you agree with the article's recommendation to save the pfx file off the computer and on a floppy which should then be locked up?
Thanks for your comments.
 
gbl,

I haven't read the article you pointed out, but I will share my own thoughts:

Because you MUST use NTFS in order to use the EFS, you're already more secure than most laptops that don't opt for NTFS.

Assigning NTFS level permissions to data on a laptop for instance, means that if the unit is stolen, the thief can run another Windows 2000 cd over the O/S, and gain control/ownership of those files that had permissions - but when the EFS is used, the thief will not be able to open those files that are protected with it...even after rerunning Windows 2000 setup into the O/S.

As to who should maintain ownership of the "key", I would suggest that users first:

1.) Put the data that they intend to encrypt on the LAN, and have the necessary permissions assigned to keep the data secure while it's on the LAN.
2.) Make this data folder available "Offline", and then encrypt it.
3.) After the first synchronization takes place, the data on the LAN side could be encrypted as well.
4.) If the laptop is stolen, the data is unusable to the thief, and yet there is a recent copy of the data on the LAN, from which a recovery might be attempted.

Let Me Know!
Rich
prescot9@hotmail.com
Father, Geek, and MCP
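
An added example, not part of either post: a PowerShell audit that lists files in a folder that are not EFS-encrypted and shows the current user's EFS certificates, which is the material a .pfx backup would contain. It assumes a current Windows version with PowerShell 3.0 or later rather than the Windows 2000 systems discussed in the thread, and the folder path is a hypothetical placeholder.

```powershell
# Added example: audit an EFS-protected folder and the current user's EFS certificates.
# Assumptions: PowerShell 3.0+, run as the user who owns the data; $Path is hypothetical.
param(
    [string]$Path = "$env:USERPROFILE\Documents\Confidential"   # hypothetical folder
)

# Enhanced key usage OID for "Encrypting File System"
$efsOid = '1.3.6.1.4.1.311.10.3.4'

function Get-UnencryptedFile {
    param([Parameter(Mandatory)][string]$Root)
    # EFS sets the Encrypted attribute on every protected file; return files lacking it.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) }
}

function Get-EfsCertificate {
    # EFS certificates sit in the user's personal store and carry the EFS EKU.
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $efsOid } |
        Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "Folder not found: $Path"
    return
}

# New files inherit encryption only when the folder itself is marked encrypted.
$folder = Get-Item -LiteralPath $Path -Force
if (-not ($folder.Attributes -band [System.IO.FileAttributes]::Encrypted)) {
    Write-Warning "Folder is not marked encrypted; new files will be stored in clear text."
}

$plain = @(Get-UnencryptedFile -Root $Path)
"{0} unencrypted file(s) under {1}" -f $plain.Count, $Path
$plain | ForEach-Object { "  $($_.FullName)" }

$certs = @(Get-EfsCertificate)
if ($certs.Count -eq 0) {
    Write-Warning "No EFS certificate in the user store; encrypted files cannot be opened from this profile."
} else {
    # A certificate without its private key, or one past NotAfter, needs attention before travel.
    $certs | Format-Table -AutoSize
}
```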
 