Securing all data on laptops.

Walle Makkinje
Walle Makkinje used Ask the Experts™
So i have a client that has say 25 mobile users with their own lap tops. The users tend to copy data from the server and work on it on the desktop or on the C:\ drive. The client has asked me if there's some sort of solution to sync possible the entire machines data to a server so as to not lose any data if the user quits or getts his computer stolen. What i've thought of doing is:

1. Using Group Policy folder redirection to move the users accounts to a fileserver (Solving problems if the user puts stuff on their desktop or my documents folders.)

2. Using Bitlocker drive encryption and configuring via gpo to store restore keys in active directory with the machine account.

Has anyone had this situation before? The users are today local admins on their machines so they could potentially erase the data locally on the computer.

Any help or suggestions is really appreciated.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013
Using bit locker with a GPO is a good start and works really well.

As for the backup, I think you should opt for a third party solution. Robocopy is scripting is to hard to maintain and you never know when the mobile users are inside the company or not.

This would require the installation of a server application as well as a service on the client notebook usually.
This client checks the server for consistency and does backups when needed. Also, it checks for low bandwidth connections to the server (you really do not want backups via VPN). Commonly users can use a front end which lets them do recovers on their on.

We use Archiware Presstore Backup2Go:
I can recommand it, works really well.

But there are many products, for instance Acronis:
Walle MakkinjeIT Service Engineer


Im actually quite stupid for not thinking of online backup, but yea thanks for the idea all though i use different software you gave me the idea and its great. Thanks :)
This is a question that is near and dear to my heart.  I am a big proponent of securing laptops as they have a tendency to "grow feet".  

One thing to look at it is security of the data at rest as well as in motion.  Based on your requirements this is what I would be looking at.

Data Encryption at Rest - This would be for data that has been copies to the laptop and is on the laptop in the event that the laptop is stolen or lost.

There are a few solutions I have used.  They both have a centralized management and push policy as the laptops check in.

Option 1 - Checkpoint Endpoint Security

This solution is a great solution for remote workers.  It sandboxes the data and does not write to the local PC.  The link refers to their 'Go' solution which is a USB based solution.  It CAN integrate with a Checkpoint VPN solution.  This will protect the data at-rest as well as in motion.  It is centrally management and can be revoked as necessary.

Option 2 - Symantec Encryption Desktop

This solution also allows for full disk encryption and is centrally managed.  Encrypts the data and can have the  keys revoked rendering the data useless without the keys.  I used this for many years.  

Here is a great white-paper on the solution

This is either a stand-alone solution or can be combined with the above to provide a full solution.

Option 3 - Citrix FileShare

This is essentially a Corporate version of Drop Box.  Although this does NOT provide the full disk encryption, it does provide the ability to sync files securely.  

I believe that based on you requirements, I would use either Option 1 or 2 and possibly in combination with Option 3.

One thing to note. The Symantec solution will do Full-Disk encryption on any platform, Windows, Mac and Linux (What I used), but the PGP Desktop software is only for Mac and Windows.

Hope this helps.

great conversation...  helge000 is right.... overall it's a nice participation... i appreciate all participants... thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial