|
Next: Administrator incorrectly denied access
|
| Author |
Message |
External
Since: Jan 04, 2006
Posts: 14
|
(Msg. 1) Posted: Sun Aug 26, 2007 6:46 pm
Post subject: Encryption - EFS vs. Bit Blocker
Archived from groups: microsoft>public>windows>vista>security (more info?)
|
|
|
I'm sure this has been asked before but I couldn't find any threads
discussing it..
I've been reluctant to switch over from a desktop machine to a laptop
for fear of someone stealing it and getting access to all my personal
files. However, I just purchased a new laptop with Vista Business
installed and I like it and am considering making the move from a
desktop to a laptop as my primary machine.
I've got a new Lenovo 3000 N200.
So how do I protect my personal files from being accessed if someone
were to snatch my laptop from my car ?
I've been reading and reading and reading about EFS and BitBlocker. I
know I will need to upgrade to Ultimate for BitBlocker (which brings up
other questions about upgrading) but I'll stick to the encryption
question here.
Would EFS be sufficient for protecting my personal files?
Is there anyway someone can take the hard disk out of my laptop, put it
in another machine as a secondary drive, or installed into one of those
portable drive shells, take ownership of the drive and get access to my
files?
Is it practical to encrypt the entire Documents folder from a
performance perspective?
What practices are required? I've read numerous help files and KB
articles and I'm totally confused now about certificates and encryption
keys.. Do I need to back them both up? From what I've read, there are
backup instructions for them both yet one contains the other so I can't
understand why backing them both up is necessary, or for that matter
even mentioned in the help files - unless it's to create as much
confusion as possible.
If I backup my files and restore them, what EXACTLY do I need to gain
access to them again on another PC or a new PC? How many certificates
and keys are involoved?
I read something about taking the private key off the computer when
unattended since it would aid in someone getting access to the files.
THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
necessary? Is there another "non-private" type of key also?
Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
(marketing fluffed) literature on product features..
Are there any other resources that help unravel all this since Microsoft
as failed to do so for me... Something specific to storing personal
files on a laptop?
Thanks
Bryan |
|
| Back to top |
|
 | |
External
Since: Aug 28, 2007
Posts: 6
|
(Msg. 2) Posted: Sun Aug 26, 2007 6:46 pm
Post subject: Re: Encryption - EFS vs. Bit Blocker [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Check out the new Data Encryption Toolkit at
http://www.microsoft.com/technet/security/guidance/clientsecurity/data...ryption
It's got some good information to help you understand the differences
between EFS and BitLocker and how they can protect your information.
For BitLocker, you'll need Vista Business with Software Assurance, Visa
Enterprise, or Vista Ultimate.
For EFS, yes protecting your "My Documents" folder is a good start. There
are others you should protect, too; the Data Encryption Toolkit has a
utility that will enable encryption on all the relevant places in your
computer.
--
Steve Riley
steve.riley DeleteThis @microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Jake" <Jaker00at DeleteThis @Yahoo.com> wrote in message
news:Xns999896489768Bryanbahotmailcom@66.250.146.128...
> I'm sure this has been asked before but I couldn't find any threads
> discussing it..
>
> I've been reluctant to switch over from a desktop machine to a laptop
> for fear of someone stealing it and getting access to all my personal
> files. However, I just purchased a new laptop with Vista Business
> installed and I like it and am considering making the move from a
> desktop to a laptop as my primary machine.
>
> I've got a new Lenovo 3000 N200.
>
>
> So how do I protect my personal files from being accessed if someone
> were to snatch my laptop from my car ?
>
>
> I've been reading and reading and reading about EFS and BitBlocker. I
> know I will need to upgrade to Ultimate for BitBlocker (which brings up
> other questions about upgrading) but I'll stick to the encryption
> question here.
>
>
> Would EFS be sufficient for protecting my personal files?
>
> Is there anyway someone can take the hard disk out of my laptop, put it
> in another machine as a secondary drive, or installed into one of those
> portable drive shells, take ownership of the drive and get access to my
> files?
>
> Is it practical to encrypt the entire Documents folder from a
> performance perspective?
>
>
> What practices are required? I've read numerous help files and KB
> articles and I'm totally confused now about certificates and encryption
> keys.. Do I need to back them both up? From what I've read, there are
> backup instructions for them both yet one contains the other so I can't
> understand why backing them both up is necessary, or for that matter
> even mentioned in the help files - unless it's to create as much
> confusion as possible.
>
>
> If I backup my files and restore them, what EXACTLY do I need to gain
> access to them again on another PC or a new PC? How many certificates
> and keys are involoved?
>
> I read something about taking the private key off the computer when
> unattended since it would aid in someone getting access to the files.
> THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> necessary? Is there another "non-private" type of key also?
>
> Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> (marketing fluffed) literature on product features..
>
> Are there any other resources that help unravel all this since Microsoft
> as failed to do so for me... Something specific to storing personal
> files on a laptop?
>
> Thanks
> Bryan
>
> |
|
| Back to top |
|
| |
External
Since: Jan 04, 2006
Posts: 14
|
(Msg. 3) Posted: Mon Aug 27, 2007 3:13 am
Post subject: Re: Encryption - EFS vs. Bit Blocker [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Thanks Steve..
I'll check out that site. I may have already stumbled upon it though..
What about encrypting the entire user folder under C:\Users for my user
account?
I'm a MS Alumni so I'm pretty sure I can get Ultimate for cheaper price
than unlocking it through the online upgrade. Do you know if I can just
use the product key (change product keys) from a retail copy of Ultimate
to upgrade my OEM Business edition? I'm not sure how all that works..
Thanks
Bryan
"Steve Riley [MSFT]" <steve.riley DeleteThis @microsoft.com> wrote in
news:#rU5TNE6HHA.2380@TK2MSFTNGP02.phx.gbl:
> Check out the new Data Encryption Toolkit at
> http://www.microsoft.com/technet/security/guidance/clientsecurity/datae
> ncryption/default.mspx. It's got some good information to help you
> understand the differences between EFS and BitLocker and how they can
> protect your information.
>
> For BitLocker, you'll need Vista Business with Software Assurance,
> Visa Enterprise, or Vista Ultimate.
>
> For EFS, yes protecting your "My Documents" folder is a good start.
> There are others you should protect, too; the Data Encryption Toolkit
> has a utility that will enable encryption on all the relevant places
> in your computer.
> |
|
| Back to top |
|
| |
External
Since: Aug 28, 2007
Posts: 6
|
(Msg. 4) Posted: Tue Aug 28, 2007 3:28 pm
Post subject: Re: Encryption - EFS vs. Bit Blocker [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
We haven't tested the scenario you mention--encrypting an entire
C:\Users\<myuserfolder>, so I can't predict what would happen. Some apps
might have installation troubles, maybe? It's best to go with the guidance
in the toolkit, we have tested that.
I don't know about the licensing question...
--
Steve Riley
steve.riley DeleteThis @microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Jake" <Jaker00at DeleteThis @Yahoo.com> wrote in message
news:Xns9998EC56BB71DBryanbahotmailcom@66.250.146.128...
> Thanks Steve..
>
> I'll check out that site. I may have already stumbled upon it though..
>
> What about encrypting the entire user folder under C:\Users for my user
> account?
>
> I'm a MS Alumni so I'm pretty sure I can get Ultimate for cheaper price
> than unlocking it through the online upgrade. Do you know if I can just
> use the product key (change product keys) from a retail copy of Ultimate
> to upgrade my OEM Business edition? I'm not sure how all that works..
>
> Thanks
> Bryan
>
>
>
>
> "Steve Riley [MSFT]" <steve.riley DeleteThis @microsoft.com> wrote in
> news:#rU5TNE6HHA.2380@TK2MSFTNGP02.phx.gbl:
>
>> Check out the new Data Encryption Toolkit at
>> http://www.microsoft.com/technet/security/guidance/clientsecurity/datae
>> ncryption/default.mspx. It's got some good information to help you
>> understand the differences between EFS and BitLocker and how they can
>> protect your information.
>>
>> For BitLocker, you'll need Vista Business with Software Assurance,
>> Visa Enterprise, or Vista Ultimate.
>>
>> For EFS, yes protecting your "My Documents" folder is a good start.
>> There are others you should protect, too; the Data Encryption Toolkit
>> has a utility that will enable encryption on all the relevant places
>> in your computer.
>>
> |
|
| Back to top |
|
| |
External
Since: Sep 10, 2007
Posts: 5
|
(Msg. 5) Posted: Tue Sep 11, 2007 8:54 am
Post subject: RE: Encryption - EFS vs. Bit Blocker [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Doesn't the Lenovo have bios level options for a Power-On Password and Hard
Drive password? My T61 does and when enabled the system will not power on or
go into the bios unless the password is entered. The Hard Drive password
locks the hard drive to a password, even if it's removed from the system to a
new one.
Just like anything make sure you understand the options before implementing
them, because if the passwords are forgotten then you are pretty much out of
luck.
--
An Engineer asks "How does it work"
A Scientists asks "Why does it work?"
A liberal arts major asks "Do you want fries with that?"
"Jake" wrote:
> I'm sure this has been asked before but I couldn't find any threads
> discussing it..
>
> I've been reluctant to switch over from a desktop machine to a laptop
> for fear of someone stealing it and getting access to all my personal
> files. However, I just purchased a new laptop with Vista Business
> installed and I like it and am considering making the move from a
> desktop to a laptop as my primary machine.
>
> I've got a new Lenovo 3000 N200.
>
>
> So how do I protect my personal files from being accessed if someone
> were to snatch my laptop from my car ?
>
>
> I've been reading and reading and reading about EFS and BitBlocker. I
> know I will need to upgrade to Ultimate for BitBlocker (which brings up
> other questions about upgrading) but I'll stick to the encryption
> question here.
>
>
> Would EFS be sufficient for protecting my personal files?
>
> Is there anyway someone can take the hard disk out of my laptop, put it
> in another machine as a secondary drive, or installed into one of those
> portable drive shells, take ownership of the drive and get access to my
> files?
>
> Is it practical to encrypt the entire Documents folder from a
> performance perspective?
>
>
> What practices are required? I've read numerous help files and KB
> articles and I'm totally confused now about certificates and encryption
> keys.. Do I need to back them both up? From what I've read, there are
> backup instructions for them both yet one contains the other so I can't
> understand why backing them both up is necessary, or for that matter
> even mentioned in the help files - unless it's to create as much
> confusion as possible.
>
>
> If I backup my files and restore them, what EXACTLY do I need to gain
> access to them again on another PC or a new PC? How many certificates
> and keys are involoved?
>
> I read something about taking the private key off the computer when
> unattended since it would aid in someone getting access to the files.
> THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> necessary? Is there another "non-private" type of key also?
>
> Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> (marketing fluffed) literature on product features..
>
> Are there any other resources that help unravel all this since Microsoft
> as failed to do so for me... Something specific to storing personal
> files on a laptop?
>
> Thanks
> Bryan
>
>
> |
|
| Back to top |
|
| |
External
Since: Dec 06, 2007
Posts: 2
|
(Msg. 6) Posted: Thu Dec 06, 2007 12:04 pm
Post subject: RE: Encryption - EFS vs. Bit Blocker [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"SLoweCSL" wrote:
> Doesn't the Lenovo have bios level options for a Power-On Password and Hard
> Drive password? My T61 does and when enabled the system will not power on or
> go into the bios unless the password is entered. The Hard Drive password
> locks the hard drive to a password, even if it's removed from the system to a
> new one.
>
> Just like anything make sure you understand the options before implementing
> them, because if the passwords are forgotten then you are pretty much out of
> luck.
> --
> An Engineer asks "How does it work"
> A Scientists asks "Why does it work?"
> A liberal arts major asks "Do you want fries with that?"
>
>
>
> "Jake" wrote:
>
> > I'm sure this has been asked before but I couldn't find any threads
> > discussing it..
> >
> > I've been reluctant to switch over from a desktop machine to a laptop
> > for fear of someone stealing it and getting access to all my personal
> > files. However, I just purchased a new laptop with Vista Business
> > installed and I like it and am considering making the move from a
> > desktop to a laptop as my primary machine.
> >
> > I've got a new Lenovo 3000 N200.
> >
> >
> > So how do I protect my personal files from being accessed if someone
> > were to snatch my laptop from my car ?
> >
> >
> > I've been reading and reading and reading about EFS and BitBlocker. I
> > know I will need to upgrade to Ultimate for BitBlocker (which brings up
> > other questions about upgrading) but I'll stick to the encryption
> > question here.
> >
> >
> > Would EFS be sufficient for protecting my personal files?
> >
> > Is there anyway someone can take the hard disk out of my laptop, put it
> > in another machine as a secondary drive, or installed into one of those
> > portable drive shells, take ownership of the drive and get access to my
> > files?
> >
> > Is it practical to encrypt the entire Documents folder from a
> > performance perspective?
> >
> >
> > What practices are required? I've read numerous help files and KB
> > articles and I'm totally confused now about certificates and encryption
> > keys.. Do I need to back them both up? From what I've read, there are
> > backup instructions for them both yet one contains the other so I can't
> > understand why backing them both up is necessary, or for that matter
> > even mentioned in the help files - unless it's to create as much
> > confusion as possible.
> >
> >
> > If I backup my files and restore them, what EXACTLY do I need to gain
> > access to them again on another PC or a new PC? How many certificates
> > and keys are involoved?
> >
> > I read something about taking the private key off the computer when
> > unattended since it would aid in someone getting access to the files.
> > THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> > necessary? Is there another "non-private" type of key also?
> >
> > Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> > (marketing fluffed) literature on product features..
> >
> > Are there any other resources that help unravel all this since Microsoft
> > as failed to do so for me... Something specific to storing personal
> > files on a laptop?
> >
> > Thanks
> > Bryan
> >
> >
> > |
|
| Back to top |
|
| |
External
Since: Dec 06, 2007
Posts: 2
|
(Msg. 7) Posted: Thu Dec 06, 2007 12:15 pm
Post subject: RE: Encryption - EFS vs. Bit Blocker [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"SLoweCSL" wrote:
> Doesn't the Lenovo have bios level options for a Power-On Password and Hard
> Drive password? My T61 does and when enabled the system will not power on or
> go into the bios unless the password is entered. The Hard Drive password
> locks the hard drive to a password, even if it's removed from the system to a
> new one.
>
> Just like anything make sure you understand the options before implementing
> them, because if the passwords are forgotten then you are pretty much out of
> luck.
> --
> An Engineer asks "How does it work"
> A Scientists asks "Why does it work?"
> A liberal arts major asks "Do you want fries with that?"
>
>
>
> "Jake" wrote:
>
> > I'm sure this has been asked before but I couldn't find any threads
> > discussing it..
> >
> > I've been reluctant to switch over from a desktop machine to a laptop
> > for fear of someone stealing it and getting access to all my personal
> > files. However, I just purchased a new laptop with Vista Business
> > installed and I like it and am considering making the move from a
> > desktop to a laptop as my primary machine.
> >
> > I've got a new Lenovo 3000 N200.
> >
> >
> > So how do I protect my personal files from being accessed if someone
> > were to snatch my laptop from my car ?
> >
> >
> > I've been reading and reading and reading about EFS and BitBlocker. I
> > know I will need to upgrade to Ultimate for BitBlocker (which brings up
> > other questions about upgrading) but I'll stick to the encryption
> > question here.
> >
> >
> > Would EFS be sufficient for protecting my personal files?
> >
> > Is there anyway someone can take the hard disk out of my laptop, put it
> > in another machine as a secondary drive, or installed into one of those
> > portable drive shells, take ownership of the drive and get access to my
> > files?
> >
> > Is it practical to encrypt the entire Documents folder from a
> > performance perspective?
> >
> >
> > What practices are required? I've read numerous help files and KB
> > articles and I'm totally confused now about certificates and encryption
> > keys.. Do I need to back them both up? From what I've read, there are
> > backup instructions for them both yet one contains the other so I can't
> > understand why backing them both up is necessary, or for that matter
> > even mentioned in the help files - unless it's to create as much
> > confusion as possible.
> >
> >
> > If I backup my files and restore them, what EXACTLY do I need to gain
> > access to them again on another PC or a new PC? How many certificates
> > and keys are involoved?
> >
> > I read something about taking the private key off the computer when
> > unattended since it would aid in someone getting access to the files.
> > THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> > necessary? Is there another "non-private" type of key also?
> >
> > Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> > (marketing fluffed) literature on product features..
> >
> > Are there any other resources that help unravel all this since Microsoft
> > as failed to do so for me... Something specific to storing personal
> > files on a laptop?
> >
> > Thanks
> > Bryan
> >
> >
> > Check out Dells line of business notebooks with FDE (Full Disk Encryption) by Segate. Without the password they are useless even if removed from the PC. Segate claims all of their hard drives will have FDE at some point in the future. |
|
| Back to top |
|
| |
| Related Topics: | Vista 64 Preboot and Drive Encryption?? - Driving me up the wall I have been looking for days now I like Compusec but its not 64 compatable. Anyone using anything like this?? Cheers, bob -- bobster
Vista logon with smart card - How do I configure Vista to allow me logon to my home computer using a DoD issued smart card. It is currently used to access my DoD e-mail and for e-signature authorization, and has the ability to logon to DoD owned systems & networks. The card....
Voice recognition and security - I am presently handicapped to the degree that I can't use a keyboard or mouse so Windows Vista voice recognition of the godsend. It works really well in most circumstances however whenever it security alert occurs it appears to override voice..
Registering REG Files - Can someone please ellaborate on how to Register REG Files using things like Scripts\SMS\GPO for all users on a Standard User Computer ? The problem, i guess, lies with the Virtualization of the registry -- Or Tsemah YSIDE
Restarting a Windows Service with C# under Vista when User.. - Hello! I need to restart the "Windows Audio Service" (audiosrv) via C#. I'm using the ServiceController Class to do this. It is no problem under XP and no problem under vista if UAC is disabled. But with enabled UAC i'm getting a "access ... |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
Hot
Bloated Email? DetachPipe for Outlook
Mac
Linux
Games
PDA
Mobile
FAQ
Search
Profile
Private Messages
Log in
Windows Forums
RSS