Kevin,

We don't have a TPM on that server to use BitLocker.

Eric

On Tue, Sep 6, 2016 at 12:40 PM, Kevin Lundy <[email protected]> wrote:

> BitLocker and encrypt the entire volume(s)?
>
> On Tue, Sep 6, 2016 at 12:18 PM, Eric Wittersheim <[email protected]> wrote:
>
>> I have a project that is in a highly secured environment and is governed
>> by our PCI policies. The project will allow a user to log into a locked
>> down Hyper-V VM that is running Windows 2012 R2 server and open IE 11 to
>> download WAV files from a second Apache server on the local subnet. The
>> download directory has been redirected to a folder that is encrypted using
>> EFS so all files are encrypted as well. Once the project time frame is
>> complete the downloads are deleted with evidence provided that the files
>> are removed. We can't securely erase the hard drives because multiple
>> projects will be running at the same time. So it has been determined that
>> a deleted file that was encrypted meets the security team requirements.
>>
>> My main concern is the actual download process of the file. I
>> believe the file might be going to a temp folder in the user's profile
>> folder unencrypted before being copied over by the OS to the EFS encrypted
>> folder. Thus leaving those unencrypted bits on the hard drive. At this
>> point I don't know of any way of getting around this problem.
>>
>> 1. Has anyone successfully used EFS on the user's iNetCache (or IE temp
>> directory)?
>> 2. Does anyone have any ideas on how to do this differently?
>>
>> Thank you in advance for any pointers,
>>
>> Eric

