EFS encryption via GPO on XP laptops

Need to encrypt 50 laptops including offline files cache, my documents, outlook and desktop.
Created a GPO which is working and encrypts the offline files cache. Created a login script which does not seem to be working:

cipher /e /s /a "%userprofile%\My Documents"

cipher /e /s /a "%userprofile%\Application Data\Microsoft\Outlook"

cipher /e /s /a "%userprofile%\Desktop"

And I need a password either on the folders (preferable) or at bootup which I can control.
Encryption is basically Greek to me. Need help.
sandbagger2uAsked:
Who is Participating?
 
Rich RumbleSecurity SamuraiCommented:
What are you protecting the data from? If your worried about a LT being stolen and someone getting into these files, then you probably want full disk encryption wich EFS can't do. If your worried about someone gaining access to these files while the system is on you may want to try to get EFS going, but you can get to EFS data using PassWare or AEFSDR from Elcomsoft, both are very capable recovery programs. If the LT is off and is stolen, EFS won't protect you, because an attacker can use AEFSDR or PassWare, but if the disk is fully encrypted then they can't. I'd suggest TrueCrypt, FreeOTFE, PGP and possibly Microsofts Bitlocker, but bitlocker is not available for XP.
This may help with your current attempts:
http://support.microsoft.com/kb/810859
http://technet.microsoft.com/en-us/library/ee449438%28v=ws.10%29.aspx
http://www.truecrypt.org/faq (no backdoor's for TC, but EFS has MANY)
-rich
-rich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.

Advertise Here