Solved

Securing a windows 7 laptop when out of the office.  It's part of an SBS 2011 domain

Posted on 2016-11-21
11
181 Views
Last Modified: 2016-11-28
What are the options for the way to 'secure' the data on a laptop in case it gets stolen?

I was thinking there's the drive bootup password in the bios of the laptop (Dell Latitude).  I guess I could take the drive out to see for myself, but does that actually keep the drive locked up even if removed from the laptop and connected to another PC?

We're not talking state secrets here.  So if the answer to the hard drive password lock is that they can swap out the board on the drive and get in, that's not a concern.

We're more concerned with keeping people from getting to the data going so far as taking the drive out of the laptop and putting in another PC using a USB to SATA cable or similar.

The OS is Windows 7 Pro and the server for the domain is SBS 2011.

Any recommendations?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 3

Assisted Solution

by:Pune Tech
Pune Tech earned 83 total points
ID: 41895997
Right now your laptop data is unsafe any one can copy by connecting to usb but there are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go

Check following article for details,

http://www.in.techradar.com/news/mobile-computing/laptops/10-steps-you-can-take-to-secure-a-laptop/articleshow/38835410.cms
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 83 total points
ID: 41895999
What the bios "hard drive password" actually does depends on the model of laptop and model of drive. You can use self encrypting drives and if the bios supports it, you will really be using encryption and this (given we use a password that is not easy to brute force) is secure.
Other hard drive locking mechanisms are not that secure. To give you an idea: data recovery online services offer to unlock your drive for less than 100 US$ (but you'll have to send them the drive).

So look into the drive models and see if SED (self encrypting drives) is a feature and if the dell bios supports to use that on all models that you have.
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
ID: 41898920
the hard drive password most likely does not do encryption if the word crypt is not present somewhere in the bios. usually, you'd get both on separate lines, but there are exceptions. best way to know try it. it should work internally or as an usb external drive.

assuming the hardware does not support it, windows can work on completely encrypted drives but i would not recommend that approach : pain to setup, you'll have to reinstall or clone, and it is uselessly slow.

i'd recommend you create a separate partition. you can resize existing ones in computer management, and create new ones. i'm unsure about resizing the system partition while it is running. if you need to do that and windows won't, any bootable cd with gparted will let you do that easily.

once you're done, you can use the ms bitlocker tool ( should be under system in control panel ) to encrypt the drive

then format the partition and make sure any sensitive data is stored there. you can stick the user profile or his documents folders on the encrypted partition to make it easier. if you move the whole profile, try a dummy profile first. moving the profile is somehow better because most temp files would be stored there. ( and a few with the system but most apps that work on user data will use the profile's temp dirs )

this should be quite easy to setup without breaking the existing system, and won't encrypt the system itself which would slow down the system uselessly ( imagine the swapfile is encrypted and you swap even a little ... )

---

another way could be to use an encrypted usb key but you won't be able to set the user's profile on a removable drive afaik so your user would need to be educated. and temp files would be a problem.
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 54

Expert Comment

by:McKnife
ID: 41898925
There's no bitlocker on win7 pro.
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 251 total points
ID: 41898963
oops

many freeware equivalent such as this truecrypt successor https://veracrypt.codeplex.com/ or truecrypt itself

whichever you pick, you need one that prompts for passwords rather than use a self-contained password ( rather useless ) or a removable drive ( that will likely be stolen with the laptop ) and you probably should prefer something that encrypts the whole drive rather than individual files ( though there might be some out-of-the-shelf tools that can watch a directory and encrypt/decrypt files on the fly )
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
ID: 41898965
another way could also be to provide remote access through rdp, vnc, or whatever equivalent and leave the data at the office but that would require permanent internet access
0
 
LVL 25

Assisted Solution

by:RobMobility
RobMobility earned 83 total points
ID: 41904124
Hi,

Dell latitudes are business grade devices and thus have a TPM (trusted Platform Module) - this can be enabled in the BIOS (usually enabled by default) and since you have Windows 7 Pro, you can encrypt the in-built disk using BitLocker.

Several options are available for how the drive is unlocked - suggest a complex password of 8 characters and AES 128 (default) or AES 256 for the encryption.

During drive encryption, you will be asked to create a BitLocker recovery key - important that you keep this safe.

Hopefully this will help:

https://technet.microsoft.com/en-us/library/dd835565(v=ws.10).aspx
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 83 total points
ID: 41904129
7 pro has no bitlocker. We talked about that before, please read the other comments.
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 41904155
Quite correct, it was introduced in Windows 8.0 Pro.

You could upgrade to Windows 8.1 Pro, via Windows 8.0 as it's cheaper (i.e. £45.00 in the UK) or 10 Pro or 7 Ultimate to get BitLocker.

Alternatively, if you or the user needs adaptions for some form of accessibility, then it'st still possible to upgrade to Windows 10 Pro for free:

https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

It might be difficult to trust OpenSource encryption solutions especially since the TrueCrypt issue and many won't leverage the TPM which will protect part of the keychain used to decrypt the drive.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41904649
It might be difficult to trust OpenSource encryption solutions

hmm... i'd never consider using any encryption software that's not opensource.
if you can't audit your solution, it's probably not as failsafe as the vendor claims.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 41904887
Re:  https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

I've been meaning to ask this question.  Feel free to check / comment on this page:

https://www.experts-exchange.com/questions/28985942/How-do-you-know-you-are-properly-activated-on-Windows-10-upgrades.html
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question