Re: Protecting Data on external USB Hard drive

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Frank McCallister SBS MVP" <anonymous>
• Date: Sun, 12 Feb 2006 22:16:53 -0600

---

I just saw saw this response to another post.

snip-

From the description, I understand the issue to be: you want to know if you

can encrypt backup job on SBS 2003. As I know, you can encrypt the entire
volume for backup.

You can refer to the following KB article:

313277 HOW TO: Use Ntbackup to Recover an Encrypted File or Folder in
Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313277

You can also enable EFS on the backup on the external drive.

How to enable EFS on the backup:
============================

After creating the .bkf file on the external disk drive, we can then
encrypt it.

1. Right click the .bkf file and click Properties.
2. Click the Advnaced button on the General tab.
3. Select "Encrypt contents to secure data" checkbox and click OK.

As we need the EFS private key to decrypt the backup file, we need also
backup the EFS certificate and key specifically. Otherwise, if the system
crashes, we are unable to use the encrypted backup on the external drive.

How to back up your EFS certificate and key:
====================================

1. Open Internet Explorer.
2. Click Tools on the menu bar and select Internet Options.
3. Click the Content tab.
4. In the Certificates field, locate and click the Certificates button.

Verify you are in the Personal tab. There may be several certificates
present depending on whether you have installed certificates for other
purpose.

5. Highlight one certificate at a time until the field entitled
"Certificate Intended Purposes" states "Encrypting File System". This is
the certificate that was generated when you encrypted your first folder.

6. Click the Export button to start the Certificate Export Wizard.

7. Click Next.

8. Select "Yes, export the private key" to export the private key. Click
Next.

9. Leave the Default value of "Enable Strong protection (requires IE 5.0,
NT 4.0 SP4 or above).

10. Click Next.

11. Enter your password. You need a password to protect the private key.

12. Specify the path where you want to save the key. You can save the key
to a floppy, another location on the hard disk, or CD. If the hard disk
fails or is formatted the key and the backup will be lost. If you back up
the key to a floppy or CD it must be stored in a secure location. You will
need to give the backup file a location. Click Next once you have
specified the destination.

Note: Do not backup your EFS keys onto the same hard drive where you are
storing the actual backup. Make sure you backup the keys to other media
(floppy disk) and keep that in a safe place.

The following are good information on EFS:

The Windows Server 2003 Family Encrypting File System
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecur
e/html/WinNETSrvr-EncryptedFileSystem.asp

Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx#XS
LTsection127121120120

223316 Best Practices for the Encrypting File System
http://support.microsoft.com/?id=223316

308993 HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

324897 HOW TO: Manage the Encrypting File System in Windows Server 2003
http://support.microsoft.com/?id=324897

Regarding restoring the SBS backup to a different hardware platform, as I
know, the hardware must be similar for a restore. This rule can be applied
to ALL Windows OS not only SBS. Here, I would like to explain this. When we
use SBS 2003 server backup, the system state will be archived. The system
state includes AD database, IIS metabase, registry, hardware information
and drivers etc. If you restore the system state to a different hardware,
the spare server could not operate because the original registry and
drivers do not match the hardware abstract layer (HAL) of the destination
server.

Actually, we do not support restoring a Windows system including SBS 2003
on a different hardware. If you do that, you may not be able to boot up the
server after the restoration. You may experience other unexpected issues
(such as unexpected shutdown) even though you can start the server.

I am appreciated your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
snip-

--
Frank McCallister SBS MVP
COMPUMAC
"Roger Cook" <akazare@xxxxxxxxxxx> wrote in message
news:%23W2KkOBMGHA.1424@xxxxxxxxxxxxxxxxxxxxxxx

If using the in-built backup wizard in SBS is there any way to protect the
confidentaility of backup data directed to an external USB hard drive
(should that drive be stolen) ?

.

---

• Follow-Ups:
  • Re: Protecting Data on external USB Hard drive
    • From: CO-DBA-SC-EL

• References:
  • Protecting Data on external USB Hard drive
    • From: Roger Cook

• Prev by Date: Re: Migrating off of SBS 2003
• Next by Date: Re: Working offline - unavailable for reconnect
• Previous by thread: Re: Protecting Data on external USB Hard drive
• Next by thread: Re: Protecting Data on external USB Hard drive
• Index(es):
  • Date
  • Thread

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-02