encrypted folder question

[njem]

I would like to give a tech who does backup access to backup some
files but keep them encrypted so the tech can't read the files. My
backup program can do its own encryption but that doesn't help. The
nightly backup fetches files from systems all over the building into a
big backup. We're not going to set up separate backups for every user
who has a couple of folders they want to keep private. If we encrypt
the entire backup the tech would need that password for anytime
someone says they need to restore a lost file.

I thought I could just encrypt a subfolder of mine but...
A: If I encrypt the folder and its contents then the backup says it
can't access the file.
B: If I just encrypt the folder then the backup pulls the file out of
the folder and puts it in the backup, where it is no longer encrypted.
Anyone who restores that file can read it.

I'm sure I'm missing something simple. How do I do this?

Thanks,
Tom

 

[John Wunderlich]

:

I would like to give a tech who does backup access to backup some
files but keep them encrypted so the tech can't read the files. My
backup program can do its own encryption but that doesn't help.
The nightly backup fetches files from systems all over the
building into a big backup. We're not going to set up separate
backups for every user who has a couple of folders they want to
keep private. If we encrypt the entire backup the tech would need
that password for anytime someone says they need to restore a lost
file.

I thought I could just encrypt a subfolder of mine but...
A: If I encrypt the folder and its contents then the backup says
it can't access the file.
B: If I just encrypt the folder then the backup pulls the file out
of the folder and puts it in the backup, where it is no longer
encrypted. Anyone who restores that file can read it.

I'm sure I'm missing something simple. How do I do this?

Thanks,
Tom

I would install the freeware program "Truecrypt".
<http://www.truecrypt.org>

You can then create an encrypted container file which, under Truecrypt
and with a password, will mount as another disk. Anything written or
read to this virtual disk will be encrypted on-the-fly. Once
dismounted, the container file exists on your computer as an ordinary
file that contains your encrypted data and can be backed-up, restored,
or whatever and is indistinguishable from any other ordinary file on
your system.

HTH,
John

 

[njem]

I looked at Truecrypt once for an external backup disk. Pretty good
program and I may use it if I need to. This will need to be applied to
a number of systems around the office and it would be nice to just
turn on XP encryption as needed. I hope I'm missing something about
how to use XP encryption for this. Is it your understanding XP won't
do what I want?

 

[Twayne]

I would like to give a tech who does backup access to backup some

files but keep them encrypted so the tech can't read the files. My
backup program can do its own encryption but that doesn't help. The
nightly backup fetches files from systems all over the building into a
big backup. We're not going to set up separate backups for every user
who has a couple of folders they want to keep private. If we encrypt
the entire backup the tech would need that password for anytime
someone says they need to restore a lost file.

I thought I could just encrypt a subfolder of mine but...
A: If I encrypt the folder and its contents then the backup says it
can't access the file.
B: If I just encrypt the folder then the backup pulls the file out of
the folder and puts it in the backup, where it is no longer encrypted.
Anyone who restores that file can read it.

I'm sure I'm missing something simple. How do I do this?

Thanks,
Tom

Not sure, but ... I don't think XP encryption is what you want here. Go
to Help and read the part about moving & copying encrypted files
corrupted files, etc., and how to make certain you don't lose access to
them by those methods. If a machine or drive ever goes belly up, all
those files will be lost without the key CD, too; MS made sure of that.
Well, it IS encryption, after all.
For sure I know you'd never unencrypt them on a different machine
without the key CD.
I -think- encrypting them on the server would make them only
accessible to the server. And if you can't do that, then each client
would need to do the encryption which gets out of hand real fast. AFAIK
only the user can encrypt/decrypt his own files and he'd better have
that key CD! If you do find a way to do it, TEST TEST TEST, and then
test it a couple more times for problems!!!
IMO you want/need a 3rd party and probably not one of the freebies
but something professional with support, especially if these are files
that are MUST HAVES RECOVERED.

HTH

 

[John Wunderlich]

m:

I looked at Truecrypt once for an external backup disk. Pretty
good program and I may use it if I need to. This will need to be
applied to a number of systems around the office and it would be
nice to just turn on XP encryption as needed. I hope I'm missing
something about how to use XP encryption for this. Is it your
understanding XP won't do what I want?

Microsoft's EFS encryption is tied very strongly to one user on one
machine. It wouldn't surprise me if you aren't missing anything. If
your machine ever crashes and you don't have a backup of your
certificates, you'll lose the information permanently even if you can
recover the file. (This newsgroup is full of past posts that can attest
to that).

Truecrypt's containers work well on any machine and can even be used
securely over a networked drive. The encryption key is contained
(encrypted) in the first kilobyte or so of the container and Truecrypt
has a utility to back this up if you are worried about losing data due
to file corruption. Truecrypt has pretty good pedigree and IMHO it is
one of the best freeware out there. It features a "Traveller Mode"
such that it can be used on other systems (via USB thumbdrive, etc)
without installing the application although the caveat is that the user
must have Administrator privilege on the machine.

-- John