Re: Cached Domain Password on Notebook, secure?

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 02/23/02


From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "richard" <Richard.Lovekin@chapelhill1.demon.co.uk>, "Varga Daniel (QI/RZS4) *" <Daniel.Varga@de.bosch.com>, <focus-ms@securityfocus.com>
Date: Sat, 23 Feb 2002 03:48:41 -0500


> MS EFS is particularly eccentric. It decrypts to backup

Can you quote a source for the above?

Can you explain this?
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q227825

Or this?
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/deploy/confeat/efsguide.asp

"Backing Up an Encrypted Folder or File
The following explains the procedures and limitations for backing up
encrypted folders or files.
Backing up by copying. Backup created using the Copy command or menu
selection can end up in clear text, as explained previously in the section,
Copying an Encrypted Folder or File.
Backing up using Backup in Windows 2000 or any backup utility that supports
Windows 2000 features. This is the recommended way to back up encrypted
files. The backup operation maintains the file encryption, and the backup
operator does not need access to private keys to do the backup; they only
need access to the file or folder to complete the task."

> or to move any
> file across the network.

Which it's not recommended for server-based files.

More from the above link:

"The following explains the procedures and limitations for copying encrypted
folders or files on the same volume and from one volume to another.
To copy a file or folder on the same computer from one NTFS partition in a
Windows 2000 location to another NTFS partition in a Windows 2000 location.
Copy the file or folder as you would an unencrypted file. Use Windows
Explorer or the command prompt. The copy is encrypted.
To copy a file or folder on the same computer from an NTFS partition in a
Windows 2000 volume to a FAT partition. Copy the file or folder as you would
an unencrypted file. Use Windows Explorer or the command prompt. Because the
destination file system does not support encryption, the copy is in clear
text.
To copy a file or folder to a different computer where both use the NTFS
partitions in Windows 2000. Copy the file or folder as you would an
unencrypted file. Use Windows Explorer or the command prompt. If the remote
computer allows you to encrypt files, the copy is encrypted; otherwise it is
in clear text. Note that the remote computer must be trusted for delegation;
in a domain environment, remote encryption is not enabled by default.
To copy a file or folder to a different computer from an NTFS partition in a
Windows 2000 location to a FAT or NTFS in a Windows NT® 4.0 location. Copy
the file or folder as you would an unencrypted file. Use Windows Explorer or
the command prompt. Because the destination file system does not support
encryption, the copy is in clear text."

>Aussi, it leaves plain-text all over the Temp
> files.

If you encrypt a directory *before* placing files in it, no unencrypted temp
files are created. When an application opens a temporary copy of an
encrypted file, it, too, is encrypted. The only time there is ever a "clear"
copy of an encrypted file is if one encrypts a file after it has been
created in an unencrypted directory. This has been addressed with the new
version of cipher.exe.

>Be very afraid of it.

Or learn more about it?

Another useful link related to other comments in this thread:

http://www.microsoft.com/windows2000/techinfo/reskit/en/distrib/dsck_efs_iufi.htm

Laura
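
Added example, not part of the original post or of the Microsoft guide it quotes: PowerShell functions that check the two outcomes discussed above, whether a copy of an EFS file kept its encryption on the destination file system, and whether an encrypted folder contains files without the Encrypted attribute. It assumes PowerShell 3.0 or later; the function names and the paths in the usage comments are hypothetical.

```powershell
# Added example. Function names and sample paths are hypothetical.
$EncryptedFlag = [System.IO.FileAttributes]::Encrypted

function Test-EfsCopy {
    # Compare the EFS attribute of a source file and its copy, and report
    # the destination file system that decided the outcome.
    param(
        [Parameter(Mandatory = $true)][string]$Source,
        [Parameter(Mandatory = $true)][string]$Destination
    )

    $src = Get-Item -LiteralPath $Source -Force
    $dst = Get-Item -LiteralPath $Destination -Force

    # DriveInfo only understands local drive letters, not UNC paths.
    $root = [System.IO.Path]::GetPathRoot($dst.FullName)
    $fs = if ($root -match '^[A-Za-z]:\\$') {
        (New-Object System.IO.DriveInfo $root).DriveFormat   # e.g. NTFS, FAT32
    } else {
        'remote/unknown'
    }

    $srcEnc = [bool]($src.Attributes -band $EncryptedFlag)
    $dstEnc = [bool]($dst.Attributes -band $EncryptedFlag)

    [pscustomobject]@{
        Source          = $src.FullName
        SourceEncrypted = $srcEnc
        Destination     = $dst.FullName
        DestinationFS   = $fs
        DestEncrypted   = $dstEnc
        # True when the copy silently lost its encryption (FAT target, or a
        # remote computer that does not allow you to encrypt files).
        ClearTextCopy   = ($srcEnc -and -not $dstEnc)
    }
}

function Find-ClearTextInEncryptedFolder {
    # List files under a folder that do NOT carry the Encrypted attribute,
    # e.g. files created before the folder itself was encrypted.
    param([Parameter(Mandatory = $true)][string]$Folder)

    Get-ChildItem -LiteralPath $Folder -Recurse -File -Force |
        Where-Object { -not ($_.Attributes -band $EncryptedFlag) } |
        Select-Object FullName, Length, LastWriteTime
}

# Usage (hypothetical paths):
#   Test-EfsCopy -Source 'C:\Secret\plan.doc' -Destination 'E:\Backup\plan.doc'
#   Find-ClearTextInEncryptedFolder -Folder 'C:\Secret'
```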


