device encryption

Discussion in 'Microsoft Surface Pro 3' started by cvc988, Aug 5, 2014.

  1. cvc988

    cvc988 Member

    Joined:
    Jul 25, 2014
    Messages:
    130
    Likes Received:
    3
    Trophy Points:
    18
    I have device encryption turned on. If another user is signed into my device (guest or otherwise), is there any way for them to access files in my user profile?
     
  2. graye

    graye Member

    Joined:
    Nov 1, 2012
    Messages:
    77
    Likes Received:
    17
    Trophy Points:
    8
    Are you talking about BitLocker as the "device encryption"? If so, that is designed to protect the contents of the hard drive "outside of" an authorized connection (such as you pull the hard drive and try to recover its contents from another PC, or booted from an alternate boot device). BitLocker provides no protection to authorized users who have been authenticated on the PC (such as a second user account).

    But, having said that.... The files in your profile are protected by the permissions on the files. This would prevent a non-administrator account from seeing your files. On the other hand, if the "other account" was an administrator, then they could alter the permissions and see your files.

    I can't tell from you question if you want to grant them access.... or are you trying to prevent access
     
    GreyFox7 likes this.
  3. cvc988

    cvc988 Member

    Joined:
    Jul 25, 2014
    Messages:
    130
    Likes Received:
    3
    Trophy Points:
    18
    So here is some more detail. I have a "guest" account enabled on my device. Say I lose the device, someone signs in as guest, what is at risk?
     
  4. jollywombat

    jollywombat Member

    Joined:
    Nov 25, 2013
    Messages:
    171
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    NY, USA
    My Device:
    SPro2
    If it is a guest account, then no, they cannot see the files, they are limited to their profile.
     
  5. graye

    graye Member

    Joined:
    Nov 1, 2012
    Messages:
    77
    Likes Received:
    17
    Trophy Points:
    8
    Got it... Yes, you'd be OK. The guest account would not be allowed to see the files, and BitLocker would prevent a thief from gaining Admin access via boot tools.

    If you wanted to go one step further, you could also use file encryption on those files of concern. I wouldn't recommend using (Encrypted File System) EFS on all of the files in the profile... just the ones of concern (perhaps put them in a separate folder?).
     
    GreyFox7 likes this.

Share This Page

Search tags for this page
surface device encrytion
,
surface full device encryption
,
surface pro 3 device encryption
,
surface pro device encription
,

surface pro device encryption

,
user profile on bitlocker device