Laptop Encryption/Control

We are looking at replacing a number of PCs with laptops, so users can work remotely when needed. I'm wondering what the best options are for drive encryption on the laptops in case they are lost or stolen? If possible, I'd also like something that does the encryption but can also control other areas of the laptops (trusted sites, allow/not allow downloading software, etc.). These would be Windows 7 and they'd be accessing the network via VPN when they are not in the office.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

EirmanChief Operations ManagerCommented:
I would definitely separate encryption software and user control software.

Most people will recommend truecrypt for encrypting the entire hard disk but I always recommend bestcrypt volume encryption from

It's much easier to use, and give you better control and management in a corporate environment.  It has many feature that truecrypt does not have (the use of hardware tokens for example).

Unlike truecrypt it's not free ... but it's not expensive and support is good.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Are your users working remotely over the internet or are they predominantly working on files and data "offline?"  If they are going to be accessing your system remotely, you may consider abandoning ANY company data being stored locally and utilizing a remote system like Terminal Services or Citrix to provide a remote sandbox for the user to work within your network

In addition, the laptops can be locked down via GPO or with the help of an additional management software like Deep Freeze which prevents a user from permanently affecting the configuration of the laptop:

I have found that when users get laptops, regardless of policies, they become personal machines, kids use the to browse the web, etc.  Deep Freeze effectively resets the system to your original image on each restart regardless of what was done purposefully (install iTunes) or accidentally (installed malware.)

If you must apply true encryption to your laptop disk, you can use a program like TrueCrypt however many time its slows the overall performance of the laptop and I generally only consider it if a user if going to be using data offline that is highly confidential or is bound by a legal requirement for encryption, HIPAA for example.
itmoonlighterAuthor Commented:
Thanks for the comments. All of the data and programs they'd be working with would be online only, which they'd access via a VPN, I have the same fear that this will become a personal laptop, even though they'd be instructed that it's not.  I'll have to look at Deep Freeze. Is there other user control software out there? Our industry is bound by compliance, which is driving the disk encryption issue.
Full disk encryption like BitLocker or truecrypt?

Depends on your edition.
Win7 Ultimate and enterprise (not pro!) have both Bitlocker and applocker.
BL encrypts, applocker restricts application usage effectively. What edition do you run?
Win7 pro could use software restriction policies, which are similar to applocker.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.