Re: Microsoft EFS

From: Paul Adare <padare@xxxxxxxxxxx>
Date: Wed, 20 Sep 2006 10:07:21 -0400

In article <1158760542.428980.69490
@h48g2000cwc.googlegroups.com>, in the
microsoft.public.security news group, mohan <bluetooth995
@gmail.com> says...

Hi

Few questions on EFS.

1) XP in domain environment. Can I copy the encypted EFS folder
to my portable USB drive? The drive is NTFS format. I know I can't if
the external drive is FAT/FAT32. What about NTFS?

You can copy the folder regardless of the file system. If
the destination drive is NTFS, the encryption will be
maintained, if the destination is FAT/FAT32, the copy will
be decrypted.

2)If I have encrypted EFS folder, and I backup to tape and store for
one year.
When I restore the folder from tape a year later Can I still read -
decrypt the folder ?

Assuming that you still have access to the certificate and
keys that were used for the initial encryption, then yes.

The password I am using now is definitely different for my password a
year ago... so how?
Since the EFS encrypted folder was archived to tape no longer on my
machine, then it will not get updated (I understand for EFS the key to
decrypt is tied to my password) when I change my password.

You don't understand how this works. The encryption is not
tied to your password, and encrypted files do not get
updated when your password changes. Access to the key used
for encryption is protected by your password (really
simplifying how this actually works here, check out DPAPI
on the Microsoft web site for details). As above, as long
as you still have access to the key used you can decrypt.

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a
joke--or a lie. How lucky Adam was. He knew when he said a
good thing, nobody had said it before. Adam was not alone
in the Garden of Eden, however, and does not deserve all
the credit; much is due to Eve, the first woman, and Satan,
the first consultant." - Mark Twain
.

References:
- Microsoft EFS
  - From: mohan

Prev by Date: Microsoft EFS
Next by Date: Re: How can I create a second certificate authority server for redunda
Previous by thread: Microsoft EFS
Next by thread: Re: How can I create a second certificate authority server for redunda
Index(es):
- Date
- Thread

Relevant Pages

Re: Serious EFS Issue
... user's information it copied her Documents and Settings to the 2003 server. ... I am also using folder redirection with her My Documents folder, ... where I am having issues with her data encryption. ... > for use with EFS (use the account to look in the Certificates ...
(microsoft.public.windows.server.security)
Re: EFS Recover Agents Unable to decrypt files
... Permissions were checked to make sure that the EFS RA had full ... The EFS RA imported it's EFS RA certificate from storage in a secure ... I tried to decrypt the file after only importing the ... a special recovery key is created with the encryption process. ...
(microsoft.public.win2000.file_system)
Re: Recover encrypted file?
... If it can decrypt, it will tell you that it only decrypts ... Since your computer's and users' SIDs changed your EFS private key will no ... want to buy the full version for $99 to try and recover your files. ... > that encryption keys must be backed up separately from a normal backup (which ...
(microsoft.public.windowsxp.security_admin)
Re: Using EFS for laptops in a domain
... Another good place to post EFS ... But the real test is dragging an encrypted file into the folder. ... when I drag it to the correct spot on the server, ... I don't want to disable encryption on the server, ...
(microsoft.public.windowsxp.security_admin)
Re: Using EFS for laptops in a domain
... the folder. ... EFS and had not found anything. ... I'll give the folder disabling a try and ... I don't want to disable encryption on the server, ...
(microsoft.public.windowsxp.security_admin)