Two recent editions of TechNet Magazine included excellent articles on Deploying EFS. Part 1 is here and Part 2 is here. I recently came across the article Prevent data theft with Windows Vista’s Encrypted File System (EFS) and BitLocker which discusses using EFS and BitLocker together in certain cases as they tend to compensate for each other’s weaknesses.
BillCan recently announced the beta version of a tool for enforcing EFS encryption.
Basically, the EFS Assistant is a small software application that is installed on a user’s laptop (or desktop) that enforces the encryption policy the administrator pushed to the client via Group Policy. The beta version of the tool can do the following:
- Encrypt specific default folders that Microsoft recommends (e.g., My Documents, etc.)
- Encrypt additional folders as configured by the administrator (for example, a folder holding data for a custom-built application)
- Exclude from encryption the default folders that Microsoft recommends leaving unencrypted (e.g., Program Files, Windows directory)
- Exclude from encryption any folders the administrator configures (for example, the application files for a custom-built application)
- Scan the disk and encrypt folders that mostly or exclusively contain data files
- Record the results of its encryption run in WMI for reporting via SMS or other management tools
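
To check a machine against an include/exclude folder policy like the one listed above, the following added example (not part of the EFS Assistant and not BillCan's code) reports folders whose EFS attribute disagrees with the policy. The folder lists and the rule that an exclusion overrides an inclusion are assumptions made for illustration.

```powershell
# Added example: audits EFS state against an include/exclude policy.
# The folder lists are constructed for illustration; they are not the
# EFS Assistant's actual defaults or its Group Policy settings.
$Include = @([Environment]::GetFolderPath('MyDocuments'))
$Exclude = @($env:ProgramFiles, $env:windir)

# True when $Path is one of $Roots or lies beneath one of them.
function Test-UnderPath {
    param([string]$Path, [string[]]$Roots)
    $p = $Path.TrimEnd('\') + '\'
    foreach ($root in $Roots) {
        if (-not $root) { continue }
        $r = $root.TrimEnd('\') + '\'
        if ($p.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Walks every included root and compares each folder's Encrypted
# attribute with what the policy expects (assumed: exclusions win).
function Get-EfsComplianceReport {
    param([string[]]$Include, [string[]]$Exclude)
    foreach ($root in $Include) {
        if (-not (Test-Path -LiteralPath $root -PathType Container)) {
            [pscustomobject]@{ Path = $root; Encrypted = $null; Status = 'Missing' }
            continue
        }
        $dirs = @(Get-Item -LiteralPath $root -Force) +
                @(Get-ChildItem -LiteralPath $root -Recurse -Force -Directory `
                      -ErrorAction SilentlyContinue)
        foreach ($d in $dirs) {
            $enc = ($d.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0
            $status = if (Test-UnderPath $d.FullName $Exclude) {
                if ($enc) { 'EncryptedButExcluded' } else { 'OK' }
            } elseif ($enc) { 'OK' } else { 'NotEncrypted' }
            [pscustomobject]@{ Path = $d.FullName; Encrypted = $enc; Status = $status }
        }
    }
}

# Show only the folders that deviate from the policy.
Get-EfsComplianceReport -Include $Include -Exclude $Exclude |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table -AutoSize
```

The script only reads attributes and changes nothing on disk; folders it cannot open are skipped silently, so run it in the context of the user whose profile is being audited.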