Ben, We have done clients with whole disk encryption on the laptops. Works great. Doesn't protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at Truecrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts. All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :)
Greg Sweers CEO ACTS360.com<http://www.acts360.com/> P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax From: Lists - Level 5 [mailto:li...@levelfive.us] Sent: Thursday, October 07, 2010 12:38 AM To: NT System Admin Issues Subject: RE: disk encryption Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that im concerned with bog the server down. For example accounting dept has 2 different apps, then there is 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own sql app, and then half the company uses Yardi (property mgmt. sql based). Then we get into cost, we already have 2 citrix servers, one is a vm, and one is a standalone and being phased out. Its running 2003 with citrix 3.x?? I would say its 5 years old from the last time they purchased anything. From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Wednesday, October 06, 2010 11:39 PM To: NT System Admin Issues Subject: Re: disk encryption Why not just put everything on Citrix and have done with it? Not criticizing just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter. Jon On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 <li...@levelfive.us<mailto:li...@levelfive.us>> wrote: I have a small client, 15 laptops, 20 desktops , 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for outlook etc etc. the client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there are recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does pgp or some of these two factor disk encryption devices. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin