This is a very good question from the user's perspective.
Unfortunately, there isn't an answer that I know that can fully satisfy
The issue with Password Protect, Encrypted files and/or folders is
something that I have spent some time thinking about. It really boils
down to data recovery. Stand alone encryption software such as
TrueCrypt do a great job on an individual level but falls short
(probably maybe by design) in providing a management feature that allows
for a reasonable path to data recovery.
In response to your second question:
We are deploying CompuSec with SafeLAN to provide data encryption to
Windows Users. Files and Folders (local and network) can be set to be
encrypted/decrypted on the fly, the users don't manage any keys or extra
passwords but it does require a client to make this happen. It is clumsy
to configure on the Admin side but does satisfy requirements that we
have set forth. On the user's side it is very easy to work with and
offers real easy data recovery.
I am happy to talk offline if you are interested in more details.
From: David Cowes [mailto:[log in to unmask]]
Sent: Tuesday, October 25, 2011 10:26 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Protected folders, TrueCrypt, etc.?
Not sure if this is what you're looking for, but Truecrypt seems to
provide alternate access to a container where the user has forgotten the
The FAQ question: "We use TrueCrypt in a corporate/enterprise
environment. Is there a way for an administrator to reset a volume
password or pre-boot authentication password when a user forgets it (or
loses a keyfile)?"
From: David McFarlane [mailto:[log in to unmask]]
Sent: Tuesday, October 25, 2011 10:10 AM
To: [log in to unmask]
Subject: [MSUNAG] Protected folders, TrueCrypt, etc.?
From time to time we get a request from a user for a password
protected folder in MS Windows. Here is a typical request: "I am
wondering if there is a known way to password protect a folder the
way you could to a microsoft word document or microsoft excel
document?" So users understand how to password protect some
individual files (although they may not understand the difference
between mere password protection and actual encryption), and our IT
staff understand how to password protect an entire drive, but we seem
to be missing a suitable way to password protect (or better, encrypt)
single folders in Windows.
I have dabbled with TrueCrypt as one solution, but that seems to
leave something to be desired, both in terms of convenience for the
user, and in terms of IT support should the user ever lose their
password (wouldn't it be nice, for these situations, to have some
system that implemented *two* passwords, one under IT control as a
sort of "backdoor", and another for the user?).
So here are my questions for you all:
- In particular, have you ever used TrueCrypt for any of your Windows
users at MSU? How did that work out?
- In general, what sort of data protection or encryption facilities
have you provided for your Windows users?
David McFarlane, Systems Designer
Dept. Psychology, Michigan State University