https://4sysops.com/archives/configure-and-enabling-bitlocker-on-windows-server/
Don't necessarily need TPM - a USB stick should do

Kurt

On Tue, Sep 6, 2016 at 11:44 AM, Eric Wittersheim <[email protected]> wrote:
> Kevin,
>
> We don't have a TPM on that server to use BitLocker.
>
> Eric
>
> On Tue, Sep 6, 2016 at 12:40 PM, Kevin Lundy <[email protected]> wrote:
>>
>> BitLocker and encrypt the entire volume(s)?
>>
>> On Tue, Sep 6, 2016 at 12:18 PM, Eric Wittersheim
>> <[email protected]> wrote:
>>>
>>> I have a project that is in a highly secured environment and is governed
>>> by our PCI policies. The project will allow a user to log into a locked
>>> down Hyper-V VM that is running Windows 2012 R2 server and open IE 11 to
>>> download WAV files from a second Apache server on the local subnet. The
>>> download directory has been redirected to a folder that is encrypted using
>>> EFS so all files are encrypted as well. Once the project time frame is
>>> complete the downloads are deleted with evidence provided that the files are
>>> removed. We can't securely erase the hard drives because multiple projects
>>> will be running at the same time. So it has been determined that a deleted
>>> file that was encrypted meets the security team requirements.
>>>
>>> My main concern is the actual download process of the file. I
>>> believe the file might be going to a temp folder in the user's profile folder
>>> unencrypted before being copied over by the OS to the EFS encrypted folder.
>>> Thus leaving those unencrypted bits on the hard drive. At this point I
>>> don't know of any way of getting around this problem.
>>>
>>> 1. Has anyone successfully used EFS on the user's iNetCache (or IE temp
>>> directory)?
>>> 2. Does anyone have any ideas on how to do this differently?
>>>
>>> Thank you in advance for any pointers,
>>>
>>> Eric

