Re: Re: [Security] Windows XP EFS - anybody use this? Your experience?

From: Ryan L. Means <rmeans_at_law.berkeley.edu>
Date: Wed Mar 30 2005 - 10:09:35 PST

David,

I believe that EFS is disabled campus-wide because of the recovery key problem,
however it is trivial to override this policy and it is okay to do so if you
know what you're doing. I'm ccing calnetad-info in case they have any additional
comments about this.

Ryan

On 3/30/2005 9:57 AM, David Lee wrote:
> A note to those on the campus active directory:
>
> Campus has disabled EFS in a domain-wide GPO. I've been tasked to
> encrypt the few laptops we have in our department and discovered this
> when I tried to test it. I tested several other encryption packages and
> found SafeGuard Easy by Utimaco Safeware at
> http://www.utimaco.com/createframes.html?http://www.utimaco.com/content_products/sg_easy.html
> to be easy to use and the most transparent to the user.
>
> At 09:22 AM 3/30/2005, Ryan L. Means wrote:
>
>> Steve,
>>
>> In my experience it works very well and has a negligible performance
>> impact.
>>
>> However, users should only encrypt the folders containing the specific
>> data that they would like to protect. I have seen many a system
>> completely hosed by an attempt to EFS the entire system drive. On my
>> laptop I have a special storage area that is encrypted where I point
>> all of my applications to store their data.
>>
>> The second big thing to note is that unless you create and store a
>> recovery key somewhere (a moderately complex process for the average
>> user), a forgotten password means that the data will be irrevocably
>> lost. I believe that by default under XP, the Administrator of the
>> machine can perform recovery. On a domain environment, a recovery key
>> can also be recreated through group policy. Of course, if we are
>> talking about sensitive data stored on a laptop, irrevocable loss
>> shouldn't be that big of a deal because the restricted data should
>> also be on a secure server and it could just be copied back.
>>
>> Ryan
>>
>>
>> On 3/30/2005 9:03 AM, Steven Longenbohn wrote:
>>
>>> An inquiry was put to me about the Windows XP Encrypted File System (EFS).
>>> I've not used this and am just now reading about it in a book.
>>> While this learning is going on, I wanted to post this inquiry to see
>>> if any of you are using EFS, and if so, what is your experience with it?
>>> How much does it slow down doing the daily work, opening encrypted
>>> files, re-encrypting them, etc.?
>>> How easy is this to set up and maintain?
>>> Will the "average user" be able to continue doing what they do, or do
>>> they now have to work differently (you know, a new learning curve that
>>> most folks either don't learn or live on your telephone for support)?
>>> Any input will be appreciated.
>>> Thanks!
>>>
>>> ********************************************************************************************
>>>
>>> * Steve "DrSteve" Longenbohn, IS&T: Administrative Systems Dept
>>> *
>>> * CalNet Deputy System Administrator
>>> * CalAgenda Admin Departmental Security Overseer
>>> * PC Doctor
>>> *
>>> * Office: 510-643-9777 Cell: 510-812-0256
>>> * 2111 Bancroft Way, Room 409D (Banway Bldg)
>>> ********************************************************************************************
>>>
>>> -------------------------------------
>>> Sent via the ucb-security mailing list.
>>
>>
>> --
>> Ryan L. Means
>> Chief Technical Officer
>> School of Law (Boalt Hall)
>> University of California, Berkeley
>>
>> ------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> For information about Micronet, including subscribing to
>> or unsubscribing from its mailing list and finding out
>> about upcoming meetings, please visit the Micronet Web site:
>> <http://micronet.berkeley.edu/>.
>
> David D. Lee
> Computer Resource Specialist II
> Office of Undergraduate Admissions
> ouarshlp@uclink4.berkeley.edu
> 2-6417
>

-- 
Ryan L. Means
Chief Technical Officer
School of Law (Boalt Hall)
University of California, Berkeley
Received on Wed Mar 30 10:11:21 2005

This archive was generated by hypermail 2.1.8 : Wed Mar 30 2005 - 10:11:21 PST