Sorry for asking, but what will they gain from this? If the laptop is
stolen, are they aware of the fact that unless it's encrypted with
BitLocker, it's most likely that the content of e:\data will be stolen as
well? Are they using some sort of Smart Cards or other method of
authentication?
Unless something really sophisticated is going on that we're not aware of,
I'd suggest that you review your requirements, and that you ask a good
security expert to help you design your security solutions.
--
Sincerely,
Daniel Petri
MVP, Senior IT consultant, trainer
www.petri.co.il
"Lpoffe" <Lpoffe@discussions.microsoft.com> wrote in message
news:866D7408-6E0B-455B-8260-34903D82811D@microsoft.com...
> Hi Steve,
>
> I also prefer Bitlocker but if you can convince my management to move on
> to
> Vista ...
> Unless there is Bitlocker version for XP.
>
> So what my management is requesting for our laptop users : keep win XP,
> create a second partition (e:\ drive) and a folder 'data'. (e:\data)
> Users don't have access to c:\ or to e:\ only to e:\data. So what we want
> is that if a user put's a file on e:\data it should be encrypted but he
> should not have the option to decrypt the files on e:\data. We always
> want
> to keep the files encrypted.
>
> Ludo
>
> "Steve Riley [MSFT]" wrote:
>
>> Why do you need all users to encrypt all files? What threats are you
>> trying
>> to mitigate? Do they use laptops (where encryption is good, and I prefer
>> BitLocker for this) or desktops? Tell us more.
>>
>> --
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com
>>
>>
>>
>> "Lpoffe" <Lpoffe@discussions.microsoft.com> wrote in message
>> news:A1F6E244-C950-4590-87F6-5CA59F94BA04@microsoft.com...
>> > Hi Daniel,
>> >
>> > I agree but how can I force my users to encrypt always there files ?
>> >
>> >
>> >
>> > "Daniel Petri <MVP>" wrote:
>> >
>> >> A folder CANNOT be encrypted with EFS. Only files can.
>> >>
>> >> In any case, what's the point behind ENCRYPTING something (with EFS in
>> >> this
>> >> case), if ANY user can remove the encryption??? Do you see a logic
>> >> here?
>> >> I
>> >> can't. Try doing the same to a FILE and not to a FOLDER, and you'll
>> >> see
>> >> that
>> >> only the original user and the Recovery Agent can decrypt the file.
>> >>
>> >> --
>> >> Sincerely,
>> >>
>> >> Daniel Petri
>> >> MVP, Senior IT consultant, trainer
>> >> www.petri.co.il
>> >>
>> >> "Lpoffe" <Lpoffe@discussions.microsoft.com> wrote in message
>> >> news:5514CAD3-54B8-472A-A688-7546000ACBD4@microsoft.com...
>> >> > Hi,
>> >> >
>> >> > We have the following problem : we created on a partition a folder
>> >> > called
>> >> > data which has been encrypted with EFS. We always want to keep that
>> >> > folder
>> >> > encrypted.
>> >> > Unfortunaly a user can decrypt that folder via the 'Advanced
>> >> > Attributes'
>> >> > button under the folder properties.
>> >> >
>> >> > Question : Is there a way that we can disable that 'Advanced
>> >> > Attributes'
>> >> > button in such a way that the folder stays encrypted with EFS ?
>> >> >
>> >>