[unisog] File protection in a Windows Environment
Gaddis, Jeremy L.
jeremy at linuxwiz.net
Tue Dec 6 22:13:42 GMT 2005
jkerr at business.buffalo.edu wrote:
> We are evaluating solutions for protecting the confidentiality of
> electronic files / documents. Our Employee Relations area is concerned
> about making sure that no one can view their files, including technical
> staff. We are a "Microsoft shop" both on the desktop and servers.
Why not EFS? You said yourself that you are a "Microsoft shop", and
nothing is going to be more manageable than EFS is. We've just began
using it (still in a "testing" phase with a handful of users), but it's
working well so far.
In my opinion, it would seem that your Employee Relations department
would want files to be recovered, so I would definitely have a Data
Recovery Agent set up. If they don't want technical staff viewing files
at their leisure, the private key can be exported, written to CD, and
stored in a lockbox off-site. This, of course, assumes a level of trust
that the administrators won't make a "backup" copy of the key or
generate a new DRA and push that out via Group Policies.
Jeremy L. Gaddis, GCWN
"In theory, theory and reality are the same. In reality, they're
More information about the unisog