How to secure desktops in a windows domain without adding too much complexity to users?

I was wondering on a solution to keep data stored on desktops in a windows domain safe from theft.  If someone broke into an institution and stole some towers/hdd's how could one put in some safety measures to make sure password cracking software is not employed to harvest company data?  I was thinking of a hard drive password with a bios admin password on top of that.  The key is to not add a layer of complexity to the users in the domain (Windows Server 2003) that would cause undue distress.  Any ideas?
john6216Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
dinsjConnect With a Mentor Commented:
Whole disk encryption, Such as symantec endpoint encryption or pgp encryption, once installed will work in the background without the users having to do anything.  very secure
0
 
wfcraven12Commented:
Well I would start by making users store ALL company data on the company network & not their desktops.  If a hard drive were to crash then how would they get their data back?  
0
 
dexITConnect With a Mentor Commented:
Scrap the local administrator account so that it cannot be reset using ERD, set a policy with domain admin group to have rights to all local machines, disable local user log on. I also agree with dinsj, I would look into some encryption practices to deploy.
0
 
conradjonesCommented:
as you already have a domain you should implement a file server, you could use your existing domain controller if you don't have too many users.

Create a share on your file server to house your user home directory then using active directory users and computers and assign each user a home directory.

Use group policy to restrict the users ability to see or write to the C drive.

Use group policy folder redirection to redirect the users "My Documents" to their home directory.

Implement a backup system to backup the users home directories.

This is 2 hours work, and once setup will be transparent to the user, their my documents will follow them whatever computer they login to. And if the server is locked away securely you don't have to worry about the desktop computers being comprised, unless they have a users password they cannot access company data.
0
All Courses

From novice to tech pro — start learning today.