Group: Forum Members
Indeed, & that secures the data at rest, which usually meets minimum regulatory requirements for most use cases, & even v5 worked well with VeraCrypt full drive encryption. However, if the machine is typically powered on 24/7 with the drive thus unlocked I have doubts Windows security matches AES encryption with a well chosen passphrase, no matter how tight group policy (if available) may have password strength & rotation set. Even if potential malware infiltrated the network, it can't even potentially phone home with the content of encrypted files.
This is more in the nature of "nice to have security enhancement" rather than anything mission critical.
Doubtless were I to put forth the effort, I could script something using a tool such as AES-Crypt, or possibly even 7zip running post-backup, or even secure delete the relevant logs, which would only solve it for me, not for anyone else who desired such a thing.