[unisog] File protection in a Windows Environment

Gaddis, Jeremy L. jeremy at linuxwiz.net
Tue Dec 6 22:13:42 GMT 2005


jkerr at business.buffalo.edu wrote:
>   We are evaluating solutions for protecting the confidentiality of 
> electronic files / documents.  Our Employee Relations area is concerned 
> about making sure that no one can view their files, including technical 
> staff.  We are a "Microsoft shop" both on the desktop and servers.

Why not EFS?  You said yourself that you are a "Microsoft shop", and 
nothing is going to be more manageable than EFS is.  We've just begun 
using it (still in a "testing" phase with a handful of users), but it's 
working well so far.

In my opinion, it would seem that your Employee Relations department 
would want files to be recovered, so I would definitely have a Data 
Recovery Agent set up.  If they don't want technical staff viewing files 
at their leisure, the private key can be exported, written to CD, and 
stored in a lockbox off-site.  This, of course, assumes a level of trust 
that the administrators won't make a "backup" copy of the key or 
generate a new DRA and push that out via Group Policies.

-j

-- 
Jeremy L. Gaddis, GCWN
http://www.jeremygaddis.com/

"In theory, theory and reality are the same.  In reality, they're 
different."
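
Added example, not part of the original message: a PowerShell check for the case the message raises, where a new DRA is generated and pushed out via Group Policy. It assumes the policy-delivered EFS recovery certificates appear as thumbprint-named subkeys under the registry path below; the approved thumbprint is a constructed placeholder.

```powershell
# Approved DRA thumbprints (placeholder value, constructed for this example):
# the certificate whose private key was exported and stored off-site.
$ApprovedDra = @('0000000000000000000000000000000000000000')

# Assumed location of the EFS recovery certificates applied by policy.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\EFS\Certificates'

function Get-EfsPolicyDraThumbprint {
    # Returns the thumbprints (subkey names) of the DRA certificates in policy.
    param([string]$Path = $PolicyKey)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-ChildItem -LiteralPath $Path |
        ForEach-Object { $_.PSChildName.ToUpperInvariant() }
}

function Compare-DraPolicy {
    # Compares the thumbprints found in policy with the approved list.
    param([string[]]$Found, [string[]]$Approved)
    # Normalise both sides: drop empty entries, strip spaces, upper-case.
    $foundSet    = @($Found    | Where-Object { $_ } |
                     ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })
    $approvedSet = @($Approved | Where-Object { $_ } |
                     ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })
    [pscustomobject]@{
        # In policy but never approved: possibly a newly generated DRA.
        Unexpected = @($foundSet    | Where-Object { $_ -notin $approvedSet })
        # Approved but absent: newly encrypted files lose the intended recovery path.
        Missing    = @($approvedSet | Where-Object { $_ -notin $foundSet })
    }
}

$result = Compare-DraPolicy -Found (Get-EfsPolicyDraThumbprint) -Approved $ApprovedDra
if ($result.Unexpected.Count -gt 0) {
    Write-Warning "Unapproved DRA certificate(s) in EFS policy: $($result.Unexpected -join ', ')"
}
if ($result.Missing.Count -gt 0) {
    Write-Warning "Approved DRA missing from EFS policy: $($result.Missing -join ', ')"
}
if ($result.Unexpected.Count -eq 0 -and $result.Missing.Count -eq 0) {
    'EFS recovery policy matches the approved DRA list.'
}
```

The check only has value if it runs from a context the administrators being audited cannot alter, with results sent to someone outside that group.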


