Re: [FDE] Changing Encryption packages

TJTHOMP1 Fri, 13 Apr 2007 09:16:23 -0700

John - We are actually in the middle of the same process you have
described.


Fortunately, we only had pushed EFS to about 500 devices before we realized
it was not offering the type of protection we were trying to get out of it.
We chose to encrypt any %userprofile% that logged into the device, but this
caused all sorts of issues (temp files, etc.).  We recently put together an
.exe that will run the cipher script to decrypt each %userprofile% on the
device.  We decided to delay the push of our new encryption solution to
these devices by a week because of the overhead caused by cipher decrypting
a users profile.

If possible, I'd recommend separating the removal of EFS and the
implementation of your new encryption package because of the impact each
process has on your end user (mainly performance issues).

Regards,
Tim Thompson
Union Pacific Railroad
Information Assurance Engineering



                                                                           
             [EMAIL PROTECTED]                                             
             t.net                                                         
             Sent by:                                                   To 
             [EMAIL PROTECTED]         [EMAIL PROTECTED]                 
             ml-dev.com                                                 cc 
                                                                           
                                                                   Subject 
             04/13/2007 10:12          [FDE] Changing Encryption packages  
             AM                                                            
                                                                           
                                                                           
             Please respond to                                             
             [EMAIL PROTECTED]                                             
                    om                                                     
                                                                           
                                                                           





 Hello everyone, I'm currently working on a project to replace EFS with a
different encryption package. I was hoping you all would share any pit
falls that you have experenced or that you have heard about when doing
this.

I plan to run this in two or three phases

1. remove EFS from Group Policy and use cipher/script to decrypt all files
on the workstation. and backup files.

2. implement the new encryption package

I have roughly 40k workstation to implement this on, so any help insite
would be great.

thank you

Take Care and Have Fun --John
_______________________________________________
FDE mailing list
[EMAIL PROTECTED]
http://www.xml-dev.com/mailman/listinfo/fde


.                                                                               
                                                                     This 
message and any attachments contain information from Union Pacific which may be 
confidential and/or privileged.
If you are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this message is strictly prohibited by 
law. If you receive this message in error, please contact the sender 
immediately and delete the message and any attachments.

_______________________________________________
FDE mailing list
[EMAIL PROTECTED]
http://www.xml-dev.com/mailman/listinfo/fde

Re: [FDE] Changing Encryption packages

Reply via email to