Using XP Pro to encrypt my entire "My Documents". - Any issues?

  • Thread starter Thread starter Dave Smithz
  • Start date Start date
D

Dave Smithz

Hi There,

I purchased XP Pro instead of Home because of the encryption capabilities.
However,1 year on I have only just looked into them prompted by theft of a
friends laptop.
I went through the Windows Help tutorials which seems to state that
encryption is good and once activated is transparent to me as a user.
However before I encrypt the entire "My Documents" folder which is quite
large at about 10GB, I want to know if there are any issues,

E.g.:
1. Will I notice a marked slowdown in performance on my PC?
2. Is it quite easy for the files to then become encrypted?
3. Are there times when the encryption is not so transparent, particularly
as a bit of a developer who uses software like Visual Studio.
4. Are there any other issues that I should be aware of?

Thanks in advance for any thoughts on the above matter.

Kind regards,

Dave
 
Dave Smithz said:
Hi There,

I purchased XP Pro instead of Home because of the encryption capabilities.
However,1 year on I have only just looked into them prompted by theft of a
friends laptop.
I went through the Windows Help tutorials which seems to state that
encryption is good and once activated is transparent to me as a user.
However before I encrypt the entire "My Documents" folder which is quite
large at about 10GB, I want to know if there are any issues,

E.g.:
1. Will I notice a marked slowdown in performance on my PC?
2. Is it quite easy for the files to then become encrypted?
3. Are there times when the encryption is not so transparent, particularly
as a bit of a developer who uses software like Visual Studio.
4. Are there any other issues that I should be aware of?

Thanks in advance for any thoughts on the above matter.

Kind regards,

Dave
Click to expand...


Should you ever forget the password to your accout and the Administrator accout, and use one of the special bootdisks to reset it, all your encrypted data will be useless and unrecoverable.

Other than that, I can't think of anything at the moment.

carl
 
Dave said:
Hi There,

I purchased XP Pro instead of Home because of the encryption capabilities.
However,1 year on I have only just looked into them prompted by theft of a
friends laptop.
I went through the Windows Help tutorials which seems to state that
encryption is good and once activated is transparent to me as a user.
However before I encrypt the entire "My Documents" folder which is quite
large at about 10GB, I want to know if there are any issues,

E.g.:
1. Will I notice a marked slowdown in performance on my PC?
2. Is it quite easy for the files to then become encrypted?
3. Are there times when the encryption is not so transparent, particularly
as a bit of a developer who uses software like Visual Studio.
4. Are there any other issues that I should be aware of?

Thanks in advance for any thoughts on the above matter.

Kind regards,

Dave
Click to expand...

Make sure you designate a recovery agent and save the encryption key on
a CD. Do a search in the MS Knowledge base for EFS and encryption.
Read everything you can on it before doing it.
 
Dave Smithz said:
I purchased XP Pro instead of Home because of the encryption capabilities.
However,1 year on I have only just looked into them prompted by theft of a
friends laptop.
I went through the Windows Help tutorials which seems to state that
encryption is good and once activated is transparent to me as a user.
However before I encrypt the entire "My Documents" folder which is quite
large at about 10GB, I want to know if there are any issues,

E.g.:
1. Will I notice a marked slowdown in performance on my PC?
Click to expand...

Not noticeable on a reasonably fast machine
2. Is it quite easy for the files to then become encrypted?
Click to expand...

It will be automatic
3. Are there times when the encryption is not so transparent, particularly
as a bit of a developer who uses software like Visual Studio.
Click to expand...

Not that I know of
4. Are there any other issues that I should be aware of?
Click to expand...

Yes. The encrypted files are transparent to the user/owner as soon as
he logs in. So they are no more secure than his password - probably not
very. There are plenty of programs around to break into passwords. But
if you do not have the encryption certificates backed up *off the
machine* then on a reinstall or the like so they are lost the files are
totally irretrievable (Except *perhaps* by NSA in a matter of national
security). IOW I would not use it.
 
Alex Nichol said:
Yes. The encrypted files are transparent to the user/owner as soon as
he logs in. So they are no more secure than his password - probably not
very. There are plenty of programs around to break into passwords. But
if you do not have the encryption certificates backed up *off the
machine* then on a reinstall or the like so they are lost the files are
totally irretrievable (Except *perhaps* by NSA in a matter of national
security). IOW I would not use it.
Click to expand...

Thanks for that all that replied. So from what you are saying Alex, is that
if I encrypt "My Documents" for example. I make a backup of the "My
Documents" folder but then my PC loses it's data and needs a complete
re-install. I do this, reinstall my backed up "My Documents" folder.
Are you then saying there is no way I can access that "My Documents" folder,
even if I set up a user on the new PC with the same username and password.

If this is the case this sucks and although encryption might make it a bit
secure. it makes it very difficult to take backups of my data.

So if XP encryption does suck, what other ways are there to secure sensitive
data on my laptop, but also allows me to backup the data and recover it
without to much of a problem?

Thanks again.

Dave

If this is the case,
 
Dave said:
Thanks for that all that replied. So from what you are saying Alex, is that
if I encrypt "My Documents" for example. I make a backup of the "My
Documents" folder but then my PC loses it's data and needs a complete
re-install. I do this, reinstall my backed up "My Documents" folder.
Are you then saying there is no way I can access that "My Documents" folder,
even if I set up a user on the new PC with the same username and password.
Click to expand...

Same username/password has nothing to do with it. Unless you had
exported the encryption certificates for EFS out of the old computer
*before* it the crash/re-install, those files would be lost.

If this is the case this sucks and although encryption might make it a bit
secure. it makes it very difficult to take backups of my data.

So if XP encryption does suck, what other ways are there to secure sensitive
data on my laptop, but also allows me to backup the data and recover it
without to much of a problem?
Click to expand...

If the data is highly sensitive, you should encrypt the data, but I
would not have used Microsoft's builtin EFS, EFS is usually a disaster
just waiting to happen. Some calls EFS the "delayed Recycle Bin" ;-)

If you really want encryption:

SafeGuard PrivateCrypto might help you out (free for
private use only):

http://www.utimaco.com/indexmain.html

or maybe their SafeGuard Easy product (at work, we use it for local
hard disk encryption on all laptops, and we are very satisfied with
the product).

The BestCrypt product found at http://www.jetico.com/ also looks
interesting.

Just be sure to export any encryption keys and safe them on a safe
place (outside your computer).
 
Torgeir Bakken (MVP) said:
If the data is highly sensitive, you should encrypt the data, but I
would not have used Microsoft's builtin EFS, EFS is usually a disaster
just waiting to happen. Some calls EFS the "delayed Recycle Bin" ;-)

If you really want encryption:

SafeGuard PrivateCrypto might help you out (free for
private use only):

http://www.utimaco.com/indexmain.html

or maybe their SafeGuard Easy product (at work, we use it for local
hard disk encryption on all laptops, and we are very satisfied with
the product).

The BestCrypt product found at http://www.jetico.com/ also looks
interesting.

Just be sure to export any encryption keys and safe them on a safe
place (outside your computer).
Click to expand...

After reading your posting I immediately disabled the encryption on my
folders until I learn more about it.

Of the two links you put the first seems to be down at time of writing
however the second looks an interesting product.

Do both of these products offer transparent encryption when I am logged in
as a particular user on XP and also should my PC fail, can I retrieve the
data from the backup, apply the same login password and retrieve the data.
To me this is the ultimate encryption product.
It works in the background to applied folders, I can make backups of the
encrypted files or move them to a different location, and if I apply the
same Windows login password to the file to unencrypt (perhaps for instance
when recovering on a different PC), it will unencrypt exactly as expected.

Does this product exist?

Kind regards,

Dave.
 
Dave Smithz wrote:

Thanks for that all that replied. So from what you are saying Alex, is that
if I encrypt "My Documents" for example. I make a backup of the "My
Documents" folder but then my PC loses it's data and needs a complete
re-install. I do this, reinstall my backed up "My Documents" folder.
Are you then saying there is no way I can access that "My Documents" folder,
even if I set up a user on the new PC with the same username and password.
Click to expand...

Correct, creating an account after a new install with the same username
and password will not work. The security ID is different even though
the name and password are the same. The encryption is based on the
security ID for the account when encryption was first enabled. As I
stated in my first post, backup the encryption certificate and key, and
designate a recovery agent. If you have to reinstall, then you can
import the saved encryption certificate which will allow access to the
encrypted data. However if something happens to that certificate, then
you are out of luck. There are several MS Knowledge Base articles which
describe these issues. If you have any interest in using EFS make sure
you review them, but it is not a good choice overall.

There are other options to protect data, but I don't use them so there
is nothing I can recommend.
 
One note, if you make a backup of your encrypted files (WinZip, tape backup, etc.) these files will not be encrypted with the NTFS encryption (does depend on the backup software). So if you loose your drive, you can still recover the data.
Dave Smithz wrote:

Thanks for that all that replied. So from what you are saying Alex, is that
if I encrypt "My Documents" for example. I make a backup of the "My
Documents" folder but then my PC loses it's data and needs a complete
re-install. I do this, reinstall my backed up "My Documents" folder.
Are you then saying there is no way I can access that "My Documents" folder,
even if I set up a user on the new PC with the same username and password.
Click to expand...

Correct, creating an account after a new install with the same username
and password will not work. The security ID is different even though
the name and password are the same. The encryption is based on the
security ID for the account when encryption was first enabled. As I
stated in my first post, backup the encryption certificate and key, and
designate a recovery agent. If you have to reinstall, then you can
import the saved encryption certificate which will allow access to the
encrypted data. However if something happens to that certificate, then
you are out of luck. There are several MS Knowledge Base articles which
describe these issues. If you have any interest in using EFS make sure
you review them, but it is not a good choice overall.

There are other options to protect data, but I don't use them so there
is nothing I can recommend.
 
Also, the only issue that I know of: if you do not save the encryption password/security setting before you re-install XP, you will not be able to directly read the encrypted files.
One note, if you make a backup of your encrypted files (WinZip, tape backup, etc.) these files will not be encrypted with the NTFS encryption (does depend on the backup software). So if you loose your drive, you can still recover the data.
Dave Smithz wrote:

Thanks for that all that replied. So from what you are saying Alex, is that
if I encrypt "My Documents" for example. I make a backup of the "My
Documents" folder but then my PC loses it's data and needs a complete
re-install. I do this, reinstall my backed up "My Documents" folder.
Are you then saying there is no way I can access that "My Documents" folder,
even if I set up a user on the new PC with the same username and password.
Click to expand...

Correct, creating an account after a new install with the same username
and password will not work. The security ID is different even though
the name and password are the same. The encryption is based on the
security ID for the account when encryption was first enabled. As I
stated in my first post, backup the encryption certificate and key, and
designate a recovery agent. If you have to reinstall, then you can
import the saved encryption certificate which will allow access to the
encrypted data. However if something happens to that certificate, then
you are out of luck. There are several MS Knowledge Base articles which
describe these issues. If you have any interest in using EFS make sure
you review them, but it is not a good choice overall.

There are other options to protect data, but I don't use them so there
is nothing I can recommend.
 
Back
Top