R
Roof Fiddler
I have a machine that has no TPM hardware. The machine needs to run Vista.
Multiple users each need to be able to power up and shut down the computer
by themselves, and store their data on the machine's hard drive. Also, each
user wants assurance that if any other user pulls the hard drive and reads
it in another machine, then that latter user can't read the former user's
data. If a user forgets his password (and loses his backup recovery keys,
etc), all of the data which he has stored on the machine should be
unrecoverable.
The problem of a user pulling the hard drive, installing a trojan horse into
Vista, and then putting the hard drive back in the machine for other users
to continue using is a threat which I'm explicitly _not_ trying to solve at
the moment. Neither am I trying to solve the problem of other users planting
any kind of hardware bugs in/on the machine.
If I use bitlocker to encrypt everything, then all users need to know the
bootup password, so all users have the ability to pull the hard drive and
read all data, which is unacceptable.
If each user uses EFS, then all users would have the ability to pull the
hard drive and at least get directory listings of other users' data even if
users' private EFS keys weren't stored on the hard drive, which is also
unacceptable.
So how do I accomplish this user isolation?
Multiple users each need to be able to power up and shut down the computer
by themselves, and store their data on the machine's hard drive. Also, each
user wants assurance that if any other user pulls the hard drive and reads
it in another machine, then that latter user can't read the former user's
data. If a user forgets his password (and loses his backup recovery keys,
etc), all of the data which he has stored on the machine should be
unrecoverable.
The problem of a user pulling the hard drive, installing a trojan horse into
Vista, and then putting the hard drive back in the machine for other users
to continue using is a threat which I'm explicitly _not_ trying to solve at
the moment. Neither am I trying to solve the problem of other users planting
any kind of hardware bugs in/on the machine.
If I use bitlocker to encrypt everything, then all users need to know the
bootup password, so all users have the ability to pull the hard drive and
read all data, which is unacceptable.
If each user uses EFS, then all users would have the ability to pull the
hard drive and at least get directory listings of other users' data even if
users' private EFS keys weren't stored on the hard drive, which is also
unacceptable.
So how do I accomplish this user isolation?