LAB : CONFIGURING FILE SERVICES AND DISK ENCRYPTION
Exercise 6.1 Encrypting Files with EFS
Overview
For files that are extremely sensitive, you can use EFS to encrypt the files. During this exercise, you encrypt a file using Encrypting File System (EFS), which is a built-in feature of NTFS.
Mindset
Encryption is a way to add an additional layer of security. If the laptop is stolen and the hard drive is put into another system where the thief or hacker is an administrator, the files could not be read without the proper key. If you want to encrypt individual documents, you can use Encrypting File System (EFS).
Exercise 6.2 Configuring the EFS Recovery Agent
Overview
During this exercise, you configure EFS Recovery Agents so that you can recover EFS encrypted files although the agent is not the owner of the file.
Mindset
When an employee leaves the company, that employee's files might be encrypted, which would be unreadable to anyone else. Using an EFS recovery agent, you will be able to recover those files and make them available to the user or users who have replaced the departed user.
Exercise 6.3 Backing Up and Restoring EFS Certificates
Overview
During this exercise, you backup an EFS certificate which you later restoreafter you delete the certificate.
Mindset
You have a standalone computer that failed and had to be rebuilt. On the computer, you had some files that were encrypted with EFS. Fortunately, you backed up the files from time to time to a removable drive. After you rebuilt the computer, you copied the files from the removable drive.
Although you are using the same username and password that you used before, you cannot open the files because they are encrypted. Unfortunately, there is not much you can do unless you have the EFS certificates with the correct keys to decipher the documents. Therefore, it is important that you always have a backup of the EFS certificates in case the system needs to be replaced.
Exercise 6.4 Encrypting a Volume with BitLocker
Overview
In this exercise, you create a new volume and then use BitLocker to encrypt the entire volume.
Mindset
EFS will encrypt only individual files; BitLocker can encrypt an entire volume. Therefore, if you want to encrypt an entire drive on a laptop, you can use BitLocker.
LAB REVIEW QUESTIONS
1. In Exercise 6.1, how do you enable EFS?
2. In Exercise 6.1, how do you allow other users to view an EFS file that you encrypted?
3. In Exercise 6.2, how does a user get to be an EFS Recovery Agent?
4. In Exercise 6.3, what format did you use when backing up the certificates, so that it can also store the private and public keys?
5. In Exercise 6.4, what did you use to encrypt an entire volume?
6. In Exercise 6.4, from where do you control BitLocker?
Lab Challenge Deploying Network Unlock
Overview
To complete this challenge, you will list the software components needed to implement Network Unlock and specify the server to which you would install the software component.
Mindset
You are an administrator for Contoso.com and you need to deploy Network Unlock on the Contoso network.