Re: EFS and laptops

---

• From: alun@xxxxxxxxxxxxx (Alun Jones)
• Date: Wed, 28 Dec 2005 05:07:36 GMT

---

In article <#HIe7YxCGHA.3976@xxxxxxxxxxxxxxxxxxxx>, "Steven L Umbach"
<n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>As long as the EFS private key is on the computer there is a potential
>vulnerability to access to files. For domain users logging on with cached
>domain credentials the likelihood of retrieving the domain user password is
>extremely remote last I heard as that password is not stored in SAM and is
>encrypted very securely.

Note that "the EFS private key is on the computer" in an encrypted form,
encrypted by the password that was used to access the account - if the account
password is not in storage that you can get to, neither is the EFS private
key.

> Another thing you could do for a non domain user
>account if you are also a local administrator for XP Pro is to "reset" your
>user password before you logoff using lusrmgr.msc and then change it back to
>what it was after you logon again. That may be more convenient than
>exporting and deleting/and importing the EFS private key. Of course that
>assumes that an attacker has not installed a keyboard logger on your
>computer to capture our credentials. --- Steve

Yeah - physical security is essential. Whole-disk encryption may prove to be
a help in that area, but I have yet to evaluate it myself.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
.

---

• References:
  • EFS and laptops
    • From: Shion Uzuki
  • Re: EFS and laptops
    • From: Steven L Umbach

• Prev by Date: Re: Unable to access Security Event Log Windows 2003 Stand alone
• Next by Date: Re: windows server 2003 and folders
• Previous by thread: Re: EFS and laptops
• Next by thread: Re: EFS and laptops
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: HELP ... users private key you would need to have a backed up copy from the old operating ... A Recovery Agent would need to have been ... > 3- you have the EFS private key for the Recovery agent in a .pfx ... >>> MESSSGAE AND ITS UNABLE TO REMOVE THE ENCRYPTION AND DISPLAY ACCESS ... (microsoft.public.windows.group_policy) Re: Why I cant access my own files? ... encrypted file that he does not have the efs private key for. ... recovery agent may be able to decrypt it. ... > In the NTFS file system there is extra security and encryption information ... If the top folder has ... (microsoft.public.win2000.security) Re: cannot access file after rebuilt PC ... windows uses a key assigned to the user who encrypted the file. ... >YOu have lost the EFS private key for encryption when you blew away the ... you have made a donation to the lost keys gods... ... (microsoft.public.security) Re: encrypted files ... --- Steve ... >>Bottom line is that the EFS private key used to decrypt ... > encryption. ... >>If you backed up your EFS private key or recovery agent ... (microsoft.public.win2000.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2005-12