I've been asked to look at some ideas for the use of USB sticks in our environment to allow some quasi-roaming abilities for users without laptops.
The first solution that springs to mind is a USB stick, especially due to cost/convenience factors.
It's not that easy, however (it never is). I'd like the sticks to only work when connected to our network (2500+ machines, W2k single Domain AD). I'd also like data to be only accessible by the user and admins. I don't want anything other than "approved" devices to connect either. Just to make it even more fun, this might get issued to a fair few users, so some form of centralised management would have to be possible.
I've had a quick look at some of the 3rd party USB encryption products, but none seem to be designed to prevent insertion into an untrusted machine.
My other first thought would be to use the full extent of NTFS encryption - we have a number of CAs installed in the domain, so that you'd need to contact one of them prior to being able to decrypt, which would solve the first and second issues, but wouldn't prevent untrusted sticks being used.
I suppose that could be combined with a 3rd party USB management tool, which I think creates an MD5 hash for each stick, and hence a list of trusted devices?
Any ideas, folks? If you want more detail, ask; if it's not too confidential, then I'll post it here.


