Securing User State During Migration

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In some organizations, keeping the user’s state secure from the IT technician who is performing the migration is a potential issue. In general, of course, IT technicians should be trusted people.

If the IT technician’s access to user state is a security concern for you, take these steps:

• Have the user drive the migration using either USMT or a scripted-manual method. Under the scripted-manual method, the user must be able to restore user state by logging on as the administrator.

• When securing the state in the temporary store, make sure that while the root folder might allow full user access, the individual user folders only allow access for IT staff and the owner of the folder.

• To protect data as it traverses the network, use Internet Protocol security (IPSec) or other network security protocols to secure these transfers.