Encryption - EFS vs. Bit Blocker

I'm sure this has been asked before but I couldn't find any threads
discussing it..

I've been reluctant to switch over from a desktop machine to a laptop
for fear of someone stealing it and getting access to all my personal
files. However, I just purchased a new laptop with Vista Business
installed and I like it and am considering making the move from a
desktop to a laptop as my primary machine.

I've got a new Lenovo 3000 N200.


So how do I protect my personal files from being accessed if someone
were to snatch my laptop from my car ?


I've been reading and reading and reading about EFS and BitBlocker. I
know I will need to upgrade to Ultimate for BitBlocker (which brings up
other questions about upgrading) but I'll stick to the encryption
question here.


Would EFS be sufficient for protecting my personal files?

Is there anyway someone can take the hard disk out of my laptop, put it
in another machine as a secondary drive, or installed into one of those
portable drive shells, take ownership of the drive and get access to my
files?

Is it practical to encrypt the entire Documents folder from a
performance perspective?


What practices are required? I've read numerous help files and KB
articles and I'm totally confused now about certificates and encryption
keys.. Do I need to back them both up? From what I've read, there are
backup instructions for them both yet one contains the other so I can't
understand why backing them both up is necessary, or for that matter
even mentioned in the help files - unless it's to create as much
confusion as possible.


If I backup my files and restore them, what EXACTLY do I need to gain
access to them again on another PC or a new PC? How many certificates
and keys are involoved?

I read something about taking the private key off the computer when
unattended since it would aid in someone getting access to the files.
THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
necessary? Is there another "non-private" type of key also?

Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
(marketing fluffed) literature on product features..

Are there any other resources that help unravel all this since Microsoft
as failed to do so for me... Something specific to storing personal
files on a laptop?

Thanks
Bryan

Check out the new Data Encryption Toolkit at
http://www.microsoft.com/technet/security/guidance/clientsecurity/data...ryption
It's got some good information to help you understand the differences
between EFS and BitLocker and how they can protect your information.

For BitLocker, you'll need Vista Business with Software Assurance, Visa
Enterprise, or Vista Ultimate.

For EFS, yes protecting your "My Documents" folder is a good start. There
are others you should protect, too; the Data Encryption Toolkit has a
utility that will enable encryption on all the relevant places in your
computer.

--
Steve Riley
steve.riley.TakeThisOut@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Jake" <Jaker00at.TakeThisOut@Yahoo.com> wrote in message
news:Xns999896489768Bryanbahotmailcom@66.250.146.128...
> I'm sure this has been asked before but I couldn't find any threads
> discussing it..
>
> I've been reluctant to switch over from a desktop machine to a laptop
> for fear of someone stealing it and getting access to all my personal
> files. However, I just purchased a new laptop with Vista Business
> installed and I like it and am considering making the move from a
> desktop to a laptop as my primary machine.
>
> I've got a new Lenovo 3000 N200.
>
>
> So how do I protect my personal files from being accessed if someone
> were to snatch my laptop from my car ?
>
>
> I've been reading and reading and reading about EFS and BitBlocker. I
> know I will need to upgrade to Ultimate for BitBlocker (which brings up
> other questions about upgrading) but I'll stick to the encryption
> question here.
>
>
> Would EFS be sufficient for protecting my personal files?
>
> Is there anyway someone can take the hard disk out of my laptop, put it
> in another machine as a secondary drive, or installed into one of those
> portable drive shells, take ownership of the drive and get access to my
> files?
>
> Is it practical to encrypt the entire Documents folder from a
> performance perspective?
>
>
> What practices are required? I've read numerous help files and KB
> articles and I'm totally confused now about certificates and encryption
> keys.. Do I need to back them both up? From what I've read, there are
> backup instructions for them both yet one contains the other so I can't
> understand why backing them both up is necessary, or for that matter
> even mentioned in the help files - unless it's to create as much
> confusion as possible.
>
>
> If I backup my files and restore them, what EXACTLY do I need to gain
> access to them again on another PC or a new PC? How many certificates
> and keys are involoved?
>
> I read something about taking the private key off the computer when
> unattended since it would aid in someone getting access to the files.
> THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> necessary? Is there another "non-private" type of key also?
>
> Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> (marketing fluffed) literature on product features..
>
> Are there any other resources that help unravel all this since Microsoft
> as failed to do so for me... Something specific to storing personal
> files on a laptop?
>
> Thanks
> Bryan
>
>