Laptop Encryption/Control

Posted on 2014-02-26
Medium Priority
Last Modified: 2014-03-13
We are looking at replacing a number of PCs with laptops, so users can work remotely when needed. I'm wondering what the best options are for drive encryption on the laptops in case they are lost or stolen? If possible, I'd also like something that does the encryption but can also control other areas of the laptops (trusted sites, allow/not allow downloading software, etc.). These would be Windows 7 and they'd be accessing the network via VPN when they are not in the office.
Question by:itmoonlighter
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 24

Accepted Solution

Eirman earned 1500 total points
ID: 39889102
I would definitely separate encryption software and user control software.

Most people will recommend truecrypt for encrypting the entire hard disk but I always recommend bestcrypt volume encryption from www.jetico.com

It's much easier to use, and give you better control and management in a corporate environment.  It has many feature that truecrypt does not have (the use of hardware tokens for example).

Unlike truecrypt it's not free ... but it's not expensive and support is good.

Expert Comment

ID: 39889139
Are your users working remotely over the internet or are they predominantly working on files and data "offline?"  If they are going to be accessing your system remotely, you may consider abandoning ANY company data being stored locally and utilizing a remote system like Terminal Services or Citrix to provide a remote sandbox for the user to work within your network

In addition, the laptops can be locked down via GPO or with the help of an additional management software like Deep Freeze which prevents a user from permanently affecting the configuration of the laptop:


I have found that when users get laptops, regardless of policies, they become personal machines, kids use the to browse the web, etc.  Deep Freeze effectively resets the system to your original image on each restart regardless of what was done purposefully (install iTunes) or accidentally (installed malware.)

If you must apply true encryption to your laptop disk, you can use a program like TrueCrypt however many time its slows the overall performance of the laptop and I generally only consider it if a user if going to be using data offline that is highly confidential or is bound by a legal requirement for encryption, HIPAA for example.

Author Comment

ID: 39889221
Thanks for the comments. All of the data and programs they'd be working with would be online only, which they'd access via a VPN, I have the same fear that this will become a personal laptop, even though they'd be instructed that it's not.  I'll have to look at Deep Freeze. Is there other user control software out there? Our industry is bound by compliance, which is driving the disk encryption issue.
LVL 62

Expert Comment

ID: 39897889
Full disk encryption like BitLocker or truecrypt?
LVL 56

Expert Comment

ID: 39898757

Depends on your edition.
Win7 Ultimate and enterprise (not pro!) have both Bitlocker and applocker.
BL encrypts, applocker restricts application usage effectively. What edition do you run?
Win7 pro could use software restriction policies, which are similar to applocker.

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses
Course of the Month9 days, 23 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question