Aside from encryption and physical security, what other issues need to be considered when securing windows workstations (desktops/laptops), and how much of this is done locally on the device itself, and how much is rolled it out via an automated policy? Would prefer comments as opposed to links. I was also interested in what kinds of security attacks arent protected against on desktops/laptops when encryption is in use. I.e. what does encryption/physical security protect - and what doesnt it?

Hello, you can apply local security settings on machines, for example in an image that you use for all machines. And you can manage security settings also with GPO settings that may have more restrictions when the machines connect to the domain. http://technet.microsoft.com/en-us/library/cc163140.aspx http://technet.microsoft.com/en-us/library/cc184906.aspx http://msdn.microsoft.com/en-us/security/bb896640.aspx Encryption from hard disks has nothing to do with the above mentioned security settings. This is only to protect the hard disk from being accessed from other people without knowing the password and also boot disks like BartPe or similar will not be able to provide an overview about the file structure on the disks.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.