Melvin, That is a good one. I am only using IE because I can use GPO to redirect the default DL folder to a different location that we are encrypting. I will look at my Chrome ADM and see if I can do the same with Chrome.
Eric On Tue, Sep 6, 2016 at 12:41 PM, Melvin Backus <[email protected]> wrote: > I realize it may create a different set of security problems, but using > another browser would also eliminate that step since AFAIK IE is the only > one that does the download to the temp folder first. Most others download > it as a temp file into the target location instead. I’ve actually had > issues with that specific characteristic when downloading large files > targeted for secondary drives because the temp folder on C: runs out of > space. L > > > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Eric Wittersheim > *Sent:* Tuesday, September 6, 2016 12:49 PM > *To:* [email protected] > *Subject:* Re: [NTSysADM] EFS and Temporary files > > > > Paul, > > > > I don't believe the Apache server has sftp configured. There is a web > application built already that is set to severely limit access to these > files. My guess is they would have to rebuild that back end to make it > happen. But, that's a good idea and if the security team pushes I will > suggest that as an option. > > > > Eric > > > > On Tue, Sep 6, 2016 at 11:31 AM, Maglinger, Paul <[email protected]> > wrote: > > Can you use sftp to transfer the files? > > > > -Paul > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Eric Wittersheim > *Sent:* Tuesday, September 06, 2016 11:19 AM > *To:* [email protected] > *Subject:* [NTSysADM] EFS and Temporary files > > > > I have a project that is in a highly secured environment and is governed > by our PCI policies. The project will allow a user to log into a locked > down Hyper V VM that is running Windows 2012 R2 server and open IE 11 to > download WAV files from a second Apache server on the local subnet. The > download directory has been redirected to a folder that is encrypted using > EFS so all files are encrypted as well. Once the project time frame is > complete the downloads are deleted with evidence provided that the files > are removed. We can't securely erase the hard drives because multiple > projects will be running at the same time. So it has been determined that > a deleted file that was encrypted meets the security team requirements. > > > > What my main concern is the actual download process of the file. I > believe the file might be going to a temp folder in the users profile > folder unencrypted before being copied over by the OS to the EFS encrypted > folder. Thus leaving those unencrypted bits on the hard drive. At this > point I don't know of any way of getting around this problem. > > > > 1. Has anyone successfully used EFS on the users iNetCache (or IE temp > directory)? > > 2. Does anyone have any ideas on how to do this differently? > > > > > > Thank you in advance for any pointers, > > > > Eric > > > > > > > > >
