What thoughts do people have on efs encrypting the documents and
settings root so that all new user profiles are EFS encryped . Is this
feasible/reliable?

Thanks

Glenn

Glenn wrote:
> What thoughts do people have on efs encrypting the documents and
> settings root so that all new user profiles are EFS encryped . Is this
> feasible/reliable?
>
> Thanks
>
> Glenn

There are many perils in using efs. Why would you want to encrypt everyone's
documents? I would only consider this in an active directory environment
where you can more easily set up a recovery agent. Anyone who uses efs
sooner or later loses data due to it. Make sure you have a good backup
strategy. Make sure you have a recovery agent set up. Make sure you export
all user efs keys and the recovery agent efs key. Something as simple as
user forgetting their password can cause data loss.

Most importantly read everything you can find on efs. Make sure you test and
understand how to recover efs files when a user profile gets lost,
corrupted, changed, etc. Test and retest many times before implementing it.
Here is a starting point for reading:

http://www.microsoft.com/technet/sec...hyetc/efs.mspx

http://www.microsoft.com/technet/pro...y/cryptfs.mspx

http://support.microsoft.com/?kbid=241201

Personally I would not recommend doing this. If you really need user's
documents to be secure then ntfs permissions and enforcing that they be
stored on a physically secure server is a better idea. If the users are
using laptops then look at 3rd party encryption solutions. Be aware that if
the encryption is any good there is always the danger of data loss. The
whole point of encryption is to make the data hard to get at.

Kerry

That won't work and you would not want to do it. The user's EFS
certificate/private key is stored in the users profile. Encrypting the
user's My Documents folder is acceptable as long as you understand ALL the
risks of EFS and have a strategy to deal with it. A commode problem of a
poorly implemented EFS strategy is that the user looses permanent access to
his files due to operating system reinstall or corruption of the users
profile. --- Steve

http://support.microsoft.com/default...b;EN-US;223316 ---
required reading for anyone considering using EFS

"Glenn" <glenn.mantle@bt.com> wrote in message
news:1135868427.327940.265550@g14g2000cwa.googlegr oups.com...
> What thoughts do people have on efs encrypting the documents and
> settings root so that all new user profiles are EFS encryped . Is this
> feasible/reliable?
>
> Thanks
>
> Glenn
>