[unisog] File protection in a Windows Environment

Gaddis, Jeremy L. jeremy at linuxwiz.net
Tue Dec 6 22:13:42 GMT 2005

jkerr at business.buffalo.edu wrote:
>   We are evaluating solutions for protecting the confidentiality of 
> electronic files / documents.  Our Employee Relations area is concerned 
> about making sure that no one can view their files, including technical 
> staff.  We are a "Microsoft shop" both on the desktop and servers.

Why not EFS?  You said yourself that you are a "Microsoft shop", and 
nothing is going to be more manageable than EFS is.  We've just begun 
using it (still in a "testing" phase with a handful of users), but it's 
working well so far.

In my opinion, it would seem that your Employee Relations department 
would want files to be recovered, so I would definitely have a Data 
Recovery Agent set up.  If they don't want technical staff viewing files 
at their leisure, the private key can be exported, written to CD, and 
stored in a lockbox off-site.  This, of course, assumes a level of trust 
that the administrators won't make a "backup" copy of the key or 
generate a new DRA and push that out via Group Policies.


Jeremy L. Gaddis, GCWN

"In theory, theory and reality are the same.  In reality, they're 
