Securing all data on laptops.

So i have a client that has say 25 mobile users with their own lap tops. The users tend to copy data from the server and work on it on the desktop or on the C:\ drive. The client has asked me if there's some sort of solution to sync possible the entire machines data to a server so as to not lose any data if the user quits or getts his computer stolen. What i've thought of doing is:

1. Using Group Policy folder redirection to move the users accounts to a fileserver (Solving problems if the user puts stuff on their desktop or my documents folders.)

2. Using Bitlocker drive encryption and configuring via gpo to store restore keys in active directory with the machine account.

Has anyone had this situation before? The users are today local admins on their machines so they could potentially erase the data locally on the computer.

Any help or suggestions is really appreciated.
Wouter MakkinjeIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sajid Shaik MSr. System AdminCommented:
Daniel HelgenbergerCommented:
Using bit locker with a GPO is a good start and works really well.

As for the backup, I think you should opt for a third party solution. Robocopy is scripting is to hard to maintain and you never know when the mobile users are inside the company or not.

This would require the installation of a server application as well as a service on the client notebook usually.
This client checks the server for consistency and does backups when needed. Also, it checks for low bandwidth connections to the server (you really do not want backups via VPN). Commonly users can use a front end which lets them do recovers on their on.

We use Archiware Presstore Backup2Go:
I can recommand it, works really well.

But there are many products, for instance Acronis:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Wouter MakkinjeIT ManagerAuthor Commented:
Im actually quite stupid for not thinking of online backup, but yea thanks for the idea all though i use different software you gave me the idea and its great. Thanks :)
This is a question that is near and dear to my heart.  I am a big proponent of securing laptops as they have a tendency to "grow feet".  

One thing to look at it is security of the data at rest as well as in motion.  Based on your requirements this is what I would be looking at.

Data Encryption at Rest - This would be for data that has been copies to the laptop and is on the laptop in the event that the laptop is stolen or lost.

There are a few solutions I have used.  They both have a centralized management and push policy as the laptops check in.

Option 1 - Checkpoint Endpoint Security

This solution is a great solution for remote workers.  It sandboxes the data and does not write to the local PC.  The link refers to their 'Go' solution which is a USB based solution.  It CAN integrate with a Checkpoint VPN solution.  This will protect the data at-rest as well as in motion.  It is centrally management and can be revoked as necessary.

Option 2 - Symantec Encryption Desktop

This solution also allows for full disk encryption and is centrally managed.  Encrypts the data and can have the  keys revoked rendering the data useless without the keys.  I used this for many years.  

Here is a great white-paper on the solution

This is either a stand-alone solution or can be combined with the above to provide a full solution.

Option 3 - Citrix FileShare

This is essentially a Corporate version of Drop Box.  Although this does NOT provide the full disk encryption, it does provide the ability to sync files securely.  

I believe that based on you requirements, I would use either Option 1 or 2 and possibly in combination with Option 3.

One thing to note. The Symantec solution will do Full-Disk encryption on any platform, Windows, Mac and Linux (What I used), but the PGP Desktop software is only for Mac and Windows.

Hope this helps.
Sajid Shaik MSr. System AdminCommented:
great conversation...  helge000 is right.... overall it's a nice participation... i appreciate all participants... thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.