|
#1
01-05-2006, 05:39 AM
|
|||
|
|||
EFS Encrypt User Profile
What thoughts do people have on efs encrypting the documents and
settings root so that all new user profiles are EFS encryped . Is this feasible/reliable? Thanks Glenn 
|
|
#2
01-05-2006, 05:39 AM
|
|||
|
|||
|
Re: EFS Encrypt User Profile
Glenn wrote:
> What thoughts do people have on efs encrypting the documents and > settings root so that all new user profiles are EFS encryped . Is this > feasible/reliable? > > Thanks > > Glenn There are many perils in using efs. Why would you want to encrypt everyone's documents? I would only consider this in an active directory environment where you can more easily set up a recovery agent. Anyone who uses efs sooner or later loses data due to it. Make sure you have a good backup strategy. Make sure you have a recovery agent set up. Make sure you export all user efs keys and the recovery agent efs key. Something as simple as user forgetting their password can cause data loss. Most importantly read everything you can find on efs. Make sure you test and understand how to recover efs files when a user profile gets lost, corrupted, changed, etc. Test and retest many times before implementing it. Here is a starting point for reading: http://www.microsoft.com/technet/sec...hyetc/efs.mspx http://www.microsoft.com/technet/pro...y/cryptfs.mspx http://support.microsoft.com/?kbid=241201 Personally I would not recommend doing this. If you really need user's documents to be secure then ntfs permissions and enforcing that they be stored on a physically secure server is a better idea. If the users are using laptops then look at 3rd party encryption solutions. Be aware that if the encryption is any good there is always the danger of data loss. The whole point of encryption is to make the data hard to get at. Kerry
|
|
#3
01-05-2006, 05:39 AM
|
|||
|
|||
|
Re: EFS Encrypt User Profile
That won't work and you would not want to do it. The user's EFS
certificate/private key is stored in the users profile. Encrypting the user's My Documents folder is acceptable as long as you understand ALL the risks of EFS and have a strategy to deal with it. A commode problem of a poorly implemented EFS strategy is that the user looses permanent access to his files due to operating system reinstall or corruption of the users profile. --- Steve http://support.microsoft.com/default...b;EN-US;223316 --- required reading for anyone considering using EFS "Glenn" <glenn.mantle@bt.com> wrote in message news:1135868427.327940.265550@g14g2000cwa.googlegr oups.com... > What thoughts do people have on efs encrypting the documents and > settings root so that all new user profiles are EFS encryped . Is this > feasible/reliable? > > Thanks > > Glenn >
|
 |
| Thread Tools | Search this Thread |
| Display Modes | |
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Error: Server rejecting sender's e-mail address | Fred | Outlook Express | 19 | 01-05-2006 04:42 PM |
| Copy user profile disabled? | Harvey | Windows XP Security Admin | 2 | 01-05-2006 05:07 AM |
| Delay opening folders caused by dcom server process launcher service | None | Windows XP Help and Support | 5 | 01-05-2006 02:46 AM |
| Long delay before Drives & Files appear in My Computer & Address Bar | shizzlenizzlator@gmail.com | Windows XP Help and Support | 3 | 01-05-2006 02:44 AM |
| Windows error message | Glo | Windows XP Basics | 41 | 01-05-2006 02:04 AM |
Linear Mode
