echo: nthelp
to: Rich
from: Mike N.
date: 2004-10-21 16:15:32
subject: Re: EFS Best practices


Thanks for the information - that was enough to get me going.  It turned
out to be more complicated to lock up login accounts than I anticipated.
However I'm now quite confident that if my laptop is stolen, the most they
can get are filenames and the hardware.

  To anyone else thinking of using Encrypted File systems:

  Testing certificate key and backup recovery was not as straightforward as I
thought - you can't just pick up an encrypted file and plop it onto another
system except through NTBackup or equivalent.  NTBackup does store encrypted
files as encrypted on tape.

  Here are some not obvious things I found in the standalone environment that
took a bit of research to track down:

1.)  When sharing out encrypted files, remote clients cannot access them.
2.)  The Designated Recovery Agent does not apply to standalone workstations,
even if configured.  It's not critical for single user workstations anyway.

  Overall:  Good stuff, quite transparent, and little performance hit, even
when using 3DES.  Be sure you research it thoroughly or you'll very likely be
left with files lost forever to the bit bucket when the inevitable upgrade /
system change / recovery / employee turnover happens.  The newsgroups are
full of these hapless souls.

On Tue, 19 Oct 2004 23:14:37 -0700, "Rich"  wrote:

>  See http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_kcef.asp,
>  http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/protect_data_efs.mspx, and
>  http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx.
>
>Rich
>
>  "Mike N."  wrote in message news:4kian0tsqlcisuurtek0invfsetcupneun{at}4ax.com...
>  Here are some questions I have on using Encrypting File System in an
>  environment-

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com
