Solved

Securing a windows 7 laptop when out of the office.  It's part of an SBS 2011 domain

Posted on 2016-11-21
11
169 Views
Last Modified: 2016-11-28
What are the options for the way to 'secure' the data on a laptop in case it gets stolen?

I was thinking there's the drive bootup password in the bios of the laptop (Dell Latitude).  I guess I could take the drive out to see for myself, but does that actually keep the drive locked up even if removed from the laptop and connected to another PC?

We're not talking state secrets here.  So if the answer to the hard drive password lock is that they can swap out the board on the drive and get in, that's not a concern.

We're more concerned with keeping people from getting to the data going so far as taking the drive out of the laptop and putting in another PC using a USB to SATA cable or similar.

The OS is Windows 7 Pro and the server for the domain is SBS 2011.

Any recommendations?
0
Comment
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 3

Assisted Solution

by:Pune Tech
Pune Tech earned 83 total points
ID: 41895997
Right now your laptop data is unsafe any one can copy by connecting to usb but there are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go

Check following article for details,

http://www.in.techradar.com/news/mobile-computing/laptops/10-steps-you-can-take-to-secure-a-laptop/articleshow/38835410.cms
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 83 total points
ID: 41895999
What the bios "hard drive password" actually does depends on the model of laptop and model of drive. You can use self encrypting drives and if the bios supports it, you will really be using encryption and this (given we use a password that is not easy to brute force) is secure.
Other hard drive locking mechanisms are not that secure. To give you an idea: data recovery online services offer to unlock your drive for less than 100 US$ (but you'll have to send them the drive).

So look into the drive models and see if SED (self encrypting drives) is a feature and if the dell bios supports to use that on all models that you have.
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
ID: 41898920
the hard drive password most likely does not do encryption if the word crypt is not present somewhere in the bios. usually, you'd get both on separate lines, but there are exceptions. best way to know try it. it should work internally or as an usb external drive.

assuming the hardware does not support it, windows can work on completely encrypted drives but i would not recommend that approach : pain to setup, you'll have to reinstall or clone, and it is uselessly slow.

i'd recommend you create a separate partition. you can resize existing ones in computer management, and create new ones. i'm unsure about resizing the system partition while it is running. if you need to do that and windows won't, any bootable cd with gparted will let you do that easily.

once you're done, you can use the ms bitlocker tool ( should be under system in control panel ) to encrypt the drive

then format the partition and make sure any sensitive data is stored there. you can stick the user profile or his documents folders on the encrypted partition to make it easier. if you move the whole profile, try a dummy profile first. moving the profile is somehow better because most temp files would be stored there. ( and a few with the system but most apps that work on user data will use the profile's temp dirs )

this should be quite easy to setup without breaking the existing system, and won't encrypt the system itself which would slow down the system uselessly ( imagine the swapfile is encrypted and you swap even a little ... )

---

another way could be to use an encrypted usb key but you won't be able to set the user's profile on a removable drive afaik so your user would need to be educated. and temp files would be a problem.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 54

Expert Comment

by:McKnife
ID: 41898925
There's no bitlocker on win7 pro.
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 251 total points
ID: 41898963
oops

many freeware equivalent such as this truecrypt successor https://veracrypt.codeplex.com/ or truecrypt itself

whichever you pick, you need one that prompts for passwords rather than use a self-contained password ( rather useless ) or a removable drive ( that will likely be stolen with the laptop ) and you probably should prefer something that encrypts the whole drive rather than individual files ( though there might be some out-of-the-shelf tools that can watch a directory and encrypt/decrypt files on the fly )
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
ID: 41898965
another way could also be to provide remote access through rdp, vnc, or whatever equivalent and leave the data at the office but that would require permanent internet access
0
 
LVL 25

Assisted Solution

by:RobMobility
RobMobility earned 83 total points
ID: 41904124
Hi,

Dell latitudes are business grade devices and thus have a TPM (trusted Platform Module) - this can be enabled in the BIOS (usually enabled by default) and since you have Windows 7 Pro, you can encrypt the in-built disk using BitLocker.

Several options are available for how the drive is unlocked - suggest a complex password of 8 characters and AES 128 (default) or AES 256 for the encryption.

During drive encryption, you will be asked to create a BitLocker recovery key - important that you keep this safe.

Hopefully this will help:

https://technet.microsoft.com/en-us/library/dd835565(v=ws.10).aspx
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 83 total points
ID: 41904129
7 pro has no bitlocker. We talked about that before, please read the other comments.
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 41904155
Quite correct, it was introduced in Windows 8.0 Pro.

You could upgrade to Windows 8.1 Pro, via Windows 8.0 as it's cheaper (i.e. £45.00 in the UK) or 10 Pro or 7 Ultimate to get BitLocker.

Alternatively, if you or the user needs adaptions for some form of accessibility, then it'st still possible to upgrade to Windows 10 Pro for free:

https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

It might be difficult to trust OpenSource encryption solutions especially since the TrueCrypt issue and many won't leverage the TPM which will protect part of the keychain used to decrypt the drive.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41904649
It might be difficult to trust OpenSource encryption solutions

hmm... i'd never consider using any encryption software that's not opensource.
if you can't audit your solution, it's probably not as failsafe as the vendor claims.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 41904887
Re:  https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

I've been meaning to ask this question.  Feel free to check / comment on this page:

https://www.experts-exchange.com/questions/28985942/How-do-you-know-you-are-properly-activated-on-Windows-10-upgrades.html
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question