• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 605
  • Last Modified:

EFS encryption via GPO on XP laptops

Need to encrypt 50 laptops including offline files cache, my documents, outlook and desktop.
Created a GPO which is working and encrypts the offline files cache. Created a login script which does not seem to be working:

cipher /e /s /a "%userprofile%\My Documents"

cipher /e /s /a "%userprofile%\Application Data\Microsoft\Outlook"

cipher /e /s /a "%userprofile%\Desktop"

And I need a password either on the folders (preferable) or at bootup which I can control.
Encryption is basically Greek to me. Need help.
0
sandbagger2u
Asked:
sandbagger2u
1 Solution
 
Rich RumbleSecurity SamuraiCommented:
What are you protecting the data from? If your worried about a LT being stolen and someone getting into these files, then you probably want full disk encryption wich EFS can't do. If your worried about someone gaining access to these files while the system is on you may want to try to get EFS going, but you can get to EFS data using PassWare or AEFSDR from Elcomsoft, both are very capable recovery programs. If the LT is off and is stolen, EFS won't protect you, because an attacker can use AEFSDR or PassWare, but if the disk is fully encrypted then they can't. I'd suggest TrueCrypt, FreeOTFE, PGP and possibly Microsofts Bitlocker, but bitlocker is not available for XP.
This may help with your current attempts:
http://support.microsoft.com/kb/810859
http://technet.microsoft.com/en-us/library/ee449438%28v=ws.10%29.aspx
http://www.truecrypt.org/faq (no backdoor's for TC, but EFS has MANY)
-rich
-rich
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now