Thanks Steve will give it a tray.
"Steve Riley [MSFT]" wrote:
<span style="color:blue">
> What kind of data loss? Do you mean theft of a laptop? If so, then BitLocker
> is better suited to this, so perhaps you can accelerate your upgrade plans.
>
> Properly configured, EFS can also be used to mitigate this threat, but it's
> more work. Follow the guidance in the Data Encryption Toolkit for Mobile PCs
> (search our web site for it).
>
> --
> Steve Riley
>
steve.riley@microsoft.com
>
http://blogs.technet.com/steriley
>
http://www.protectyourwindowsnetwork.com
>
>
>
> "Lpoffe" <Lpoffe@discussions.microsoft.com> wrote in message
> news:A7D84739-425E-4712-9B6B-086EC6F9D773@microsoft.com...<span style="color:green">
> > Hi,
> > We have more than 10.000 clients and the idea is to migrate to Vista in
> > 2010, so that we can use bitlocker. Meantime management request that we
> > protect the data on our laptops, against data lost and if possible
> > encrypted
> > and without spending money...
> > Therefore I is was thinking to implement EFS but then users should not
> > have
> > the option to decrypt files...
> >
> > Ludo
> >
> >
> > "Steve Riley [MSFT]" wrote:
> ><span style="color:darkred">
> >> Daniel is correct. Until you can define which threats you want to
> >> mitigate,
> >> then you really can't design an appropriate encryption process.
> >>
> >> --
> >> Steve Riley
> >>
steve.riley@microsoft.com
> >>
http://blogs.technet.com/steriley
> >>
http://www.protectyourwindowsnetwork.com
> >>
> >>
> >>
> >> "Daniel Petri <MVP>" <daniel@petri.co.il.removethis> wrote in message
> >> news:F21C3892-A865-461D-86F8-14834B16851A@microsoft.com...
> >> > Sorry for asking, but what will they gain from this? If the laptop is
> >> > stolen, are they aware of the fact that unless it's encrypted with
> >> > BitLocker, it's most likely that the content of e:data will be stolen
> >> > as
> >> > well? Are they using some sort of Smart Cards or other method of
> >> > authentication?
> >> >
> >> > Unless something really sophisticated is going on that we're not aware
> >> > of,
> >> > I'd suggest that you review your requirements, and that you ask a good
> >> > security expert to help you design your security solutions.
> >> >
> >> > --
> >> > Sincerely,
> >> >
> >> > Daniel Petri
> >> > MVP, Senior IT consultant, trainer
> >> >
www.petri.co.il
> >> >
> >> > "Lpoffe" <Lpoffe@discussions.microsoft.com> wrote in message
> >> > news:866D7408-6E0B-455B-8260-34903D82811D@microsoft.com...
> >> >> Hi Steve,
> >> >>
> >> >> I also prefer Bitlocker but if you can convince my management to move
> >> >> on
> >> >> to
> >> >> Vista ...
> >> >> Unless there is Bitlocker version for XP.
> >> >>
> >> >> So what my management is requesting for our laptop users : keep win
> >> >> XP,
> >> >> create a second partition (e: drive) and a folder 'data'. (e:data)
> >> >> Users don't have access to c: or to e: only to e:data. So what we
> >> >> want
> >> >> is that if a user put's a file on e:data it should be encrypted but
> >> >> he
> >> >> should not have the option to decrypt the files on e:data. We always
> >> >> want
> >> >> to keep the files encrypted.
> >> >>
> >> >> Ludo
> >> >>
> >> >> "Steve Riley [MSFT]" wrote:
> >> >>
> >> >>> Why do you need all users to encrypt all files? What threats are you
> >> >>> trying
> >> >>> to mitigate? Do they use laptops (where encryption is good, and I
> >> >>> prefer
> >> >>> BitLocker for this) or desktops? Tell us more.
> >> >>>
> >> >>> --
> >> >>> Steve Riley
> >> >>>
steve.riley@microsoft.com
> >> >>>
http://blogs.technet.com/steriley
> >> >>>
http://www.protectyourwindowsnetwork.com
> >> >>>
> >> >>>
> >> >>>
> >> >>> "Lpoffe" <Lpoffe@discussions.microsoft.com> wrote in message
> >> >>> news:A1F6E244-C950-4590-87F6-5CA59F94BA04@microsoft.com...
> >> >>> > Hi Daniel,
> >> >>> >
> >> >>> > I agree but how can I force my users to encrypt always there files
> >> >>> > ?
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > "Daniel Petri <MVP>" wrote:
> >> >>> >
> >> >>> >> A folder CANNOT be encrypted with EFS. Only files can.
> >> >>> >>
> >> >>> >> In any case, what's the point behind ENCRYPTING something (with
> >> >>> >> EFS
> >> >>> >> in
> >> >>> >> this
> >> >>> >> case), if ANY user can remove the encryption??? Do you see a logic
> >> >>> >> here?
> >> >>> >> I
> >> >>> >> can't. Try doing the same to a FILE and not to a FOLDER, and
> >> >>> >> you'll
> >> >>> >> see
> >> >>> >> that
> >> >>> >> only the original user and the Recovery Agent can decrypt the
> >> >>> >> file.
> >> >>> >>
> >> >>> >> --
> >> >>> >> Sincerely,
> >> >>> >>
> >> >>> >> Daniel Petri
> >> >>> >> MVP, Senior IT consultant, trainer
> >> >>> >>
www.petri.co.il
> >> >>> >>
> >> >>> >> "Lpoffe" <Lpoffe@discussions.microsoft.com> wrote in message
> >> >>> >> news:5514CAD3-54B8-472A-A688-7546000ACBD4@microsoft.com...
> >> >>> >> > Hi,
> >> >>> >> >
> >> >>> >> > We have the following problem : we created on a partition a
> >> >>> >> > folder
> >> >>> >> > called
> >> >>> >> > data which has been encrypted with EFS. We always want to keep
> >> >>> >> > that
> >> >>> >> > folder
> >> >>> >> > encrypted.
> >> >>> >> > Unfortunaly a user can decrypt that folder via the 'Advanced
> >> >>> >> > Attributes'
> >> >>> >> > button under the folder properties.
> >> >>> >> >
> >> >>> >> > Question : Is there a way that we can disable that 'Advanced
> >> >>> >> > Attributes'
> >> >>> >> > button in such a way that the folder stays encrypted with EFS ?
> >> >>> >> >
> >> >>> >>
> >> > </span></span></span>