RE: Windows XP security concerns

From: Alun Jones (alun@texis.com)
Date: 12/21/01


Date: Fri, 21 Dec 2001 12:41:28 -0600
To: <gsweet@worldvision.org>
From: Alun Jones <alun@texis.com>

At 12:42 PM 12/20/2001, Geoff Sweet wrote:
>Commenting on the loss of user data below: I don't think this is a
>critical issue. By default Win2K/XP adds the local Administrator as an
>Encrypted Data Recovery Agent. So while the pain-in-the-arse factor is
>there of needing to reset the password via the admin account, any
>encrypted data won't be lost due to loss of private key. The
>Administrator can still recover the data, then the user can re-encrypt it
>with his/her new credentials.

In case anyone's wondering how this works, the EFS encrypts the file with a
random key that is then encrypted with the public keys of the owner of the
file, and all EFS Recovery Agents at the time. You may have no recovery
agents, or one or more. [Windows 2000 requires _one_ recovery agent at
least, to have EFS]. Check out
http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp
for more details of the Windows 2000 version - I'm not sure where the XP
documentation is, but I had this link handy.

Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.
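The key-wrapping structure Alun describes (a random file encryption key, wrapped separately to the owner's public key and to each recovery agent's public key) is easy to model in code. The following is an added example, written for this page and not taken from the thread or from Microsoft's EFS implementation: it uses AES-GCM and RSA-OAEP from Go's standard library in place of EFS's real ciphers and on-disk layout, and the type and field names (`EncryptedFile`, `DDF`, `DRF`, `RecoveryScenario`) are this example's own. It plays out the case under discussion: an owner whose private key is no longer usable after a password reset, a recovery agent that can still open the file, and a file encrypted with no recovery agent at all.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is a simplified, hypothetical model of an EFS-style file:
// the ciphertext plus one wrapped copy of the file encryption key (FEK)
// per key holder. Names follow EFS terminology; the layout does not.
type EncryptedFile struct {
	Nonce      []byte   // AES-GCM nonce (this example's choice, not EFS's cipher)
	Ciphertext []byte   // file body encrypted under the FEK
	DDF        []byte   // Data Decryption Field: FEK wrapped to the owner's public key
	DRF        [][]byte // Data Recovery Fields: FEK wrapped to each recovery agent (may be empty)
}

var oaepLabel = []byte("FEK") // assumed fixed label; both sides must agree on it

func wrapFEK(pub *rsa.PublicKey, fek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, oaepLabel)
}

func unwrapFEK(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, oaepLabel)
}

// Encrypt draws a fresh random FEK, encrypts the file body with it, and wraps
// the FEK once for the owner and once for every recovery agent present at
// encryption time. An agent added afterwards gets no DRF on this file.
func Encrypt(plaintext []byte, owner *rsa.PublicKey, agents []*rsa.PublicKey) (*EncryptedFile, error) {
	fek := make([]byte, 32)
	if _, err := rand.Read(fek); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	f := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	if f.DDF, err = wrapFEK(owner, fek); err != nil {
		return nil, err
	}
	for _, a := range agents {
		w, err := wrapFEK(a, fek)
		if err != nil {
			return nil, err
		}
		f.DRF = append(f.DRF, w)
	}
	return f, nil
}

// Decrypt tries the supplied private key against the DDF and every DRF. Any
// field that unwraps yields the same FEK, which is why a recovery agent can
// open a file whose owner has lost their key. A key that matches no field
// (a third party, or an owner with no key and no agent) gets an error.
func Decrypt(f *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	fields := append([][]byte{f.DDF}, f.DRF...)
	for _, w := range fields {
		fek, err := unwrapFEK(priv, w)
		if err != nil {
			continue // not wrapped to this key; try the next field
		}
		block, err := aes.NewCipher(fek)
		if err != nil {
			return nil, err
		}
		gcm, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, f.Nonce, f.Ciphertext, nil)
	}
	return nil, errors.New("no DDF/DRF unwraps with this private key")
}

// RecoveryScenario plays out the thread's situation and returns named outcomes.
// The owner's key being "lost" after a password reset is modelled simply by
// not using it for the recovery attempts.
func RecoveryScenario() (map[string]bool, error) {
	var keys [3]*rsa.PrivateKey // owner, recovery agent, unrelated third party
	for i := range keys {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		keys[i] = k
	}
	owner, agent, stranger := keys[0], keys[1], keys[2]
	plaintext := []byte("constructed sample file body: Q4 salary review") // constructed input
	withAgent, err := Encrypt(plaintext, &owner.PublicKey, []*rsa.PublicKey{&agent.PublicKey})
	if err != nil {
		return nil, err
	}
	noAgent, err := Encrypt(plaintext, &owner.PublicKey, nil)
	if err != nil {
		return nil, err
	}
	out := map[string]bool{}
	pt, err := Decrypt(withAgent, owner)
	out["owner_opens"] = err == nil && bytes.Equal(pt, plaintext)
	pt, err = Decrypt(withAgent, agent)
	out["agent_recovers"] = err == nil && bytes.Equal(pt, plaintext)
	_, err = Decrypt(withAgent, stranger)
	out["stranger_denied"] = err != nil
	_, err = Decrypt(noAgent, agent) // no DRF was ever written: nothing for the agent to unwrap
	out["lost_without_agent"] = err != nil
	return out, nil
}

func main() {
	out, err := RecoveryScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
}
```

The `lost_without_agent` outcome is the practical caveat behind Alun's "at the time": a DRF is only written for agents that exist when the file is encrypted, so designating a recovery agent after the fact does not retroactively cover files already on disk, and a file with no DRF at all is unrecoverable once the owner's private key is gone.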
