Re: EFS not secure on LAN

From: Steven Umbach (n9rou_at_comcast.com)
Date: 07/31/03


Date: Thu, 31 Jul 2003 06:06:16 GMT


Once files have been actually encrypted then they should only be
unencrypted by the private key of the user that encrypted them or the recovery
agent in effect at that time. Possibly there were unencrypted copies somewhere
in RAM or maybe on the hard drive memory cache. If you import the private key
again, then only the user/recovery agent should be able to access the data in
the files. If that is not the case I would implement auditing of the encrypted
folder/files to see if they are in fact being physically accessed and by whom. I
would also use cipher to verify exactly which files are encrypted and then use
efsinfo to see what user has actually encrypted the files and who the recovery
agents are. Certain file types, like those with the system attribute, cannot be
encrypted. It is also best practice to only encrypt folders and then place files
into folders to be encrypted. If you encrypt a folder with files in it, you are
given the option to encrypt existing files also - otherwise they are not
encrypted. I have also heard of situations where a folder was not encrypted -
just the files, and an application created temporary unencrypted files from the
encrypted files and even saved the edited file [same file name] as
encrypted. --- Steve

"Rob Rohrbough" <Rob_RSD@yahoo.com> wrote in message
news:0bce01c3570f$23a8b210$7d02280a@phx.gbl...
> Steven,
>
> Thanks for your reply. They can see the actual data. I
> did play around with the NTFS file permissions and was
> able to restrict access to directories by share. It
> appears that, if you can gain access to a share up the
> hierarchy, sub-folders will appear as well. That appears
> to be different than my experience with different users on
> the same machine.
>
> Anyway, after rebooting, the lack of a certificate kept
> everyone, including the owner, from seeing the data in the
> files. Apparently there is some kind of cache working
> that needs to be cleared. It would be nice if there is a
> less-severe way of clearing the cache. You have any ideas?
>
> Thanks again,
>
> Rob
>
>
> >-----Original Message-----
> > They can see the files or they can see the actual data? Check ntfs
> >advanced permissions also to see if any users or groups exist there. Make
> >sure that just the user you want is included in the ntfs permissions and
> >system if it is there, no one else - no everyone, users, power users,
> >guest, etc. Double check that the permissions assigned to the folder have
> >actually propagated down to the individual files. Check the properties of
> >the files to make sure they are in fact encrypted and use the cipher utility
> >in that folder to see if it reports the same. If network users have proper
> >ntfs/share permissions, they may be able to "see" the encrypted files but
> >not the file contents if they are in fact encrypted they would get an access
> >denied message when trying to access a file. You may also want to
> >reconsider sharing a whole drive, though that is not the problem with your
> >EFS. --- Steve
> >
> >http://support.microsoft.com/default.aspx?scid=kb;en-us;298009
> >http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
> >
> >"Rob Rohrbough" <Rob_RSD@yahoo.com> wrote in message
> >news:03af01c356e5$665657e0$a501280a@phx.gbl...
> >> I have Win2k pro on a workgroup LAN. I have marked a
> >> directory as secure and removed all permissions but the
> >> owner's. When I log into the computer with another user
> >> name, the folder is not accessible to that user.
> >>
> >> However, that directory is on a drive that is shared with
> >> other computers on my peer-to-peer LAN. Users on any
> >> WinNT-based machine can see the encrypted data; users on
> >> Win0x-based machines are restricted from the directory.
> >>
> >> I have removed the certificate from the system.
> >>
> >> What am I doing wrong?
> >>
> >> TIA,
> >>
> >> Rob
> >
> >
> >.
> >
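
Added example, not part of the original posts: a small Python check over saved `cipher` listing output that flags the two cases raised in the reply above, plaintext files sitting in a folder marked for encryption and encrypted files sitting in a folder that is not marked. The listing layout (a "Listing" header, a "New files added to this directory will [not] be encrypted." status line, then E/U-prefixed names), the sample data and the function name are assumptions made for illustration.

```python
import re

# Constructed sample of `cipher` listing output (not taken from the thread).
SAMPLE = r"""
 Listing D:\Secure\
 New files added to this directory will be encrypted.

E budget.xls
U ~budget.tmp

 Listing D:\Loose\
 New files added to this directory will not be encrypted.

E notes.doc
U readme.txt
"""

LISTING = re.compile(r"^\s*Listing\s+(.+?)\s*$")   # directory header line
ENTRY = re.compile(r"^([EU])\s+(.+?)\s*$")         # E = encrypted, U = unencrypted


def audit_cipher_listing(text):
    """Return (plaintext files in encrypting dirs, encrypted files in unmarked dirs)."""
    plaintext, unmarked = [], []
    directory, dir_encrypts = None, None
    for line in text.splitlines():
        m = LISTING.match(line)
        if m:
            directory, dir_encrypts = m.group(1), None
            continue
        if "New files added to this directory will" in line:
            dir_encrypts = "will not be encrypted" not in line
            continue
        m = ENTRY.match(line)
        if not m or directory is None:
            continue
        state, name = m.groups()
        if dir_encrypts and state == "U":
            # e.g. a temporary copy an application wrote without encryption
            plaintext.append(directory + name)
        elif dir_encrypts is False and state == "E":
            # file-only encryption: new or temp files beside it stay in the clear
            unmarked.append(directory + name)
    return plaintext, unmarked


if __name__ == "__main__":
    print(audit_cipher_listing(SAMPLE))
```
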


