RE: Protect folder data.

From: webbi@sapc.edu
Date: 11/22/02

  • Next message: Richard Westlake: "Re: IP to MAC mapping" 
    From: webbi@sapc.edu
To: security-basics@securityfocus.com
Date: Fri, 22 Nov 2002 01:25:13 -0500

    (response inline)

    -----Original Message-----
    >I have some highly confidential data that I frequently access on in a
    folder
    >that is on my desktop computer (ie win2k). I want to make sure no one but
    >me will able to see this data. Does anyone know of any freeware\shareware
    >that will 1) en-crypt the data in the folder and/or 2) require a password
    >to open up the folder? I need to make sure a person like our lan admin or
    >desk top support person can not figure out a way to get to the data.

    >Win2k and XP with NTFS are able to encrypt files on your disk.
    >Just right click on your object and select Properties\Advanced.
    >It's not possible to see data without logging in with your account.

    Yes, but if you're in a domain, there will always be a recovery agent. If
    you need to keep your data so that no domain admin can do a recovery on it
    and bypass your password, don't use EFS. (If I'm wrong about this, and
    there's a way to turn off the recovery agent in a domain environment,
    someone please correct me.) If you're not in a domain environment, or you
    are but trust whoever has the recovery agent account, I'd highly recommend
    the WinXP version of EFS over the Win2K version. XP uses your password as
    the key, while 2K stores your certificate in your profile. This means that
    if someone was to boot your 2K machine with EFS and change your password,
    then log on as you with the new password, they'd be able to access your
    encrypted files. In XP, any offline password change (one made without
    entering your old password first) will make your encrypted files completely
    inaccessible. I'm not sure if later changing your password back to the one
    it was set to before the offline change will make them accessible again, or
    if you permanently lose access.

    Relevant Pages

    • Force Offline Files fix not working
      ... Win2K Server as my desktop OS. ... I have a folder that resides on one of the ... Configure Slow Link Speed Group Policy does not force offline files to ...
      (microsoft.public.win2000.networking)
    • Re: Files with Denied access
      ... This is what strong encryption means. ... No backups of the certs or a recovery agent precludes the ability to recover ... installation in which they were created. ... I can see the folder sitting there, ...
      (microsoft.public.windowsxp.general)
    • Re: encryption
      ... You need to have a Recovery Agent designated BEFORE. ... > cipher command and put in trusted certificates folder, ... > now recovery agent is administrator, but nothing happend, ... i cant decrypt my files as only folder ...
      (microsoft.public.windowsxp.security_admin)
    • Cant anyone help???
      ... generic log in, but the teachers have their folders stored on a Win2K ... when they access their folder they get a log in screen asking ... I am not talking about the DUN option, this is for access a share on a win2k ...
      (microsoft.public.windowsxp.security_admin)
    • Re: "Apply to all folder" view doesnt work much better in XP than in Win2K, how to fix?
      ... When I would set all folder to details view in Win98SE after adjusting ... fault with Win2K otherwise it wouldn't be a problem no matter where I ... most efficient use of LFNs and file saving in details view. ...
      (microsoft.public.windowsxp.help_and_support)
    Loading