Experts Exchange connects you with the people and services you need so you can get back to work.

EFS encryption via GPO on XP laptops

Need to encrypt 50 laptops including offline files cache, my documents, outlook and desktop.
Created a GPO which is working and encrypts the offline files cache. Created a login script which does not seem to be working:

cipher /e /s /a "%userprofile%\My Documents"

cipher /e /s /a "%userprofile%\Application Data\Microsoft\Outlook"

cipher /e /s /a "%userprofile%\Desktop"

And I need a password either on the folders (preferable) or at bootup which I can control.
Encryption is basically Greek to me. Need help.

sandbagger2u

Asked: 2013-05-20

Advertise Here

1 Solution

LVL 38

Rich RumbleSecurity SamuraiCommented: 2013-05-20

What are you protecting the data from? If your worried about a LT being stolen and someone getting into these files, then you probably want full disk encryption wich EFS can't do. If your worried about someone gaining access to these files while the system is on you may want to try to get EFS going, but you can get to EFS data using PassWare or AEFSDR from Elcomsoft, both are very capable recovery programs. If the LT is off and is stolen, EFS won't protect you, because an attacker can use AEFSDR or PassWare, but if the disk is fully encrypted then they can't. I'd suggest TrueCrypt, FreeOTFE, PGP and possibly Microsofts Bitlocker, but bitlocker is not available for XP.
This may help with your current attempts:
http://support.microsoft.com/kb/810859
http://technet.microsoft.com/en-us/library/ee449438%28v=ws.10%29.aspx
http://www.truecrypt.org/faq (no backdoor's for TC, but EFS has MANY)
-rich
-rich

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

EFS encryption via GPO on XP laptops

Join & Write a Comment Already a member? Login.

Featured Post