[FDE] Changing Encryption packages

Fri Apr 13 09:30:07 MDT 2007

John - We are actually in the middle of the same process you have
described.

Fortunately, we only had pushed EFS to about 500 devices before we realized
it was not offering the type of protection we were trying to get out of it.
We chose to encrypt any %userprofile% that logged into the device, but this
caused all sorts of issues (temp files, etc.).  We recently put together an
.exe that will run the cipher script to decrypt each %userprofile% on the
device.  We decided to delay the push of our new encryption solution to
these devices by a week because of the overhead caused by cipher decrypting
a users profile.

If possible, I'd recommend separating the removal of EFS and the
implementation of your new encryption package because of the impact each
process has on your end user (mainly performance issues).

Regards,
Tim Thompson
Union Pacific Railroad
Information Assurance Engineering

             jfvanmeter at comcas                                             
             t.net                                                         
             Sent by:                                                   To 
             fde-bounces at www.x         fde at www.xml-dev.com                 
             ml-dev.com                                                 cc 

                                                                   Subject 
             04/13/2007 10:12          [FDE] Changing Encryption packages  
             AM                                                            

             Please respond to                                             
             fde at www.xml-dev.c                                             
                    om                                                     

 Hello everyone, I'm currently working on a project to replace EFS with a
different encryption package. I was hoping you all would share any pit
falls that you have experenced or that you have heard about when doing
this.

I plan to run this in two or three phases

1. remove EFS from Group Policy and use cipher/script to decrypt all files
on the workstation. and backup files.

2. implement the new encryption package

I have roughly 40k workstation to implement this on, so any help insite
would be great.

thank you

Take Care and Have Fun --John
_______________________________________________
FDE mailing list
FDE at www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

.                                                                                                                                                    This message and any attachments contain information from Union Pacific which may be confidential and/or privileged.
If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited by law. If you receive this message in error, please contact the sender immediately and delete the message and any attachments.