At LSU, thousands of laptops are in use, so it's important to adequately secure University information on mobile systems. The University is also covered by the Louisiana Database Security Breach Notification Law, which requires LSU to notify individuals whenever personal data about them has been lost, including losses from the theft of laptops. For these reasons, the IT Security and Policy Office is happy to announce the availability of the Encrypting File System for all users in LSU's Active Directory.
Encrypting File System is a technology built into Windows 2000 and Windows XP that provides secure, encrypted, per-user storage that's well integrated into the rest of the Windows file system. For example, EFS can be used to encrypt everything on a user's desktop, all their offline e-mail and all documents that they have locally. EFS uses encryption certificates generated from LSU's PKI to ensure that the encrypted data is safe even if the user's laptop is lost. Access and use of the data is seamless to the end user, all key management happens automatically through Active Directory, and no new passwords need to be remembered. ITS encourages all IT contacts that maintain mobile computers (or any other computer where physical security cannot be guaranteed) to deploy EFS to protect the data on them. As long as you're joined to LSU's Active Directory, there's no additional software to deploy, you maintain full data recovery capabilities, and the entire system can be managed through Group Policy.
To help answer your deployment questions, the IT Security and Policy Office has created 2 knowledge base articles to guide you through the deployment process. These articles also include sample scripts to automate the encryption and decryption of sensitive directories and to enable shell integration (an Encrypt / Decrypt option in the right click menu in Explorer). The first article is more technical and written for IT contacts themselves; the second is designed to answer any questions your end users may have. The articles and associated files can be found here:
Encrypting File System (EFS) for Departmental IT contacts
Encrypting File System at LSU
If you have any questions or problems about EFS, please notify us at email@example.com.