views:

245

answers:

3

I'm preparing a laptop to take with me while travelling, so all my user data is encrypted using EFS in case someone decides to steal it. I also need to set up a couple of local sites for development with IIS. If I turn off encryption on the wwwroot of a site, IIS can serve it just fine. However, I really would like to be able to use encryption here as well.

I've tried these steps: http://support.microsoft.com/kb/243756

When I try to view the local site in IE, I get a login dialog as expected, but it doesn't accept my credentials, although this is the account I use to encrypt the served files. Has anyone tried this and got it to work?

+1  A: 

EFS and IIS really don't play nicely together. The IIS services (typically) runs under "Network Service" which doesn't have access to your user account's EFS decryption key.

You have two options with IIS:

  1. Run "IIS Admin Service" and "World Wide Web Publishing Service" as your personal account, along with running any web site's anonymous user as this account.

  2. Flag the InetPub directory as Never Encrypt.

#1 is obviously the best bet for security/encryption purposes, but its going to be a challenge to set up the appropriate rights for your account to run these services.

You might want to consider just using Visual Studio's built in web server (Cassini) which gets aroung the encryption problem since it runs as your personal account, but it does have some of its own issues.

Christopher_G_Lewis
The problem I have with #1 is that IIS has to store my password somewhere, which sort of defeats the purpose of encrypting data with the same password...
Frederik Slijkerman
Actually, you'll be setting the user/password in Services.MSC, which is then encrypted by your system. With Vista and IIS 7, this is encrypted. Win XP and IIS 5.1 its hidden, but easily shown to an admin of your server with MetaBase explorer.
Christopher_G_Lewis
A: 

Full hard drive encryption sounds more appropriate. I've had good results with the free version of CompuSec from

http://www.ce-infosys.com/english/downloads/free%5Fcompusec/

wefwfwefwe
A: 

Thanks for the answers -- I've now decided to take the easy route and put all my web files in a TrueCrypt volume that I'll mount whenever I need to work on any local web sites, together with any database data. This is definitely the safest as far as I can see.

Frederik Slijkerman
With Vista/Win7, I've had lots of luck with BitLocker.
Christopher_G_Lewis
That doesn't work together with Boot Camp on a Mac...
Frederik Slijkerman