Re: EFS not secure on LAN
From: Steven Umbach (n9rou_at_comcast.com)
Date: 07/31/03
- Next message: Sanjay Goel: "Re: local security policy"
- Previous message: Steven Umbach: "Re: EFS not secure on LAN"
- In reply to: Steven Umbach: "Re: EFS not secure on LAN"
- Next in thread: David Cross [MS]: "Re: EFS not secure on LAN"
Date: Thu, 31 Jul 2003 06:11:37 GMT
Correction to last line of my reply. -- and an application created
temporary unencrypted files from the encrypted files and even saved the edited
file [same file name] as unencrypted.. --- Steve
"Steven Umbach" <n9rou@comcast.com> wrote in message
news:sl2Wa.16335$Oz4.6300@rwcrnsc54...
> Once files have been actually encrypted then they should only be
> unencrypted by the private key of the user that encrypted them or the recovery
> agent in effect at that time. Possibly there were unencrypted copies somewhere
> in ram or maybe on the hard drive memory cache. If you import the private key
> again, then only the user/recovery agent should be able to access the data in
> the files. If that is not the case I would implement auditing of the encrypted
> folder/files to see if they are in fact being physically accessed and by who. I
> would also use cipher to verify exactly which files are encrypted and then use
> efsinfo to see what user has actually encrypted the files and who the recovery
> agents are. Certain file types, like those with the system attribute can not be
> encrypted. It is also best practice to only encrypt folders and then place files
> into folders to be encrypted. If you encrypt a folder with files in it, you are
> given the option to encrypt existing files also - otherwise they are not
> encrypted. I have also heard of situations where a folder was not encrypted -
> just the files, and an application created temporary unencrypted files from the
> encrypted files and even saved the edited file [same file name] as
> encrypted.. --- Steve
>
>
>
> "Rob Rohrbough" <Rob_RSD@yahoo.com> wrote in message
> news:0bce01c3570f$23a8b210$7d02280a@phx.gbl...
> > Steven,
> >
> > Thanks for your reply. They can see the actual data. I
> > did play around with the NTFS file permissions and was
> > able to restrict access to directories by share. It
> > appears that, if you can gain access to a share up the
> > hierarchy, sub-folders will appear as well. That appears
> > to be different than my experience with different users on
> > the same machine.
> >
> > Anyway, after rebooting, the lack of a certificate kept
> > everyone, including the owner, from seeing the data in the
> > files. Apparently there is some kind of cache working
> > that needs to be cleared. It would be nice if there is a
> > less-severe way of clearing the cache. You have any ideas?
> >
> > Thanks again,
> >
> > Rob
> >
> >
> > >-----Original Message-----
> > > They can see the files or they can see the actual data? Check ntfs
> > >advanced permissions also to see if any users or groups exist there. Make
> > >sure that just the user you want is included in the ntfs permissions and
> > >system if it is there, no one else - no everyone, users, power users,
> > >guest, etc. Double check that the permissions assigned to the folder have
> > >actually propagated down to the individual files. Check the properties of
> > >the files to make sure they are in fact encrypted and use the cipher utility
> > >in that folder to see if it reports the same. If network users have proper
> > >ntfs/share permissions, they may be able to "see" the encrypted files but
> > >not the file contents if they are in fact encrypted they would get an access
> > >denied message when trying to access a file. You may also want to
> > >reconsider sharing a whole drive, though that is not the problem with your
> > >EFS.--- Steve
> > >
> > >http://support.microsoft.com/default.aspx?scid=kb;en-us;298009
> > >http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
> > >
> > >"Rob Rohrbough" <Rob_RSD@yahoo.com> wrote in message
> > >news:03af01c356e5$665657e0$a501280a@phx.gbl...
> > >> I have Win2k pro on a workgroup LAN. I have marked a
> > >> directory as secure and removed all permissions but the
> > >> owner's. When I log into the computer with another user
> > >> name, the folder is not accessible to that user.
> > >>
> > >> However, that directory is on a drive that is shared with
> > >> other computers on my peer-to-peer LAN. Users on any
> > >> WinNT-based machine can see the encrypted data; users on
> > >> Win0x-based machines are restricted from the directory.
> > >>
> > >> I have removed the certificate from the system.
> > >>
> > >> What am I doing wrong?
> > >>
> > >> TIA,
> > >>
> > >> Rob
> > >
> > >
> > >.
> > >
>
>
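
The checks suggested in this thread (confirm which files are really encrypted, and make sure the folder itself is encrypted so that new or temporary files inherit encryption) can be automated. The following PowerShell sketch is an added example, not part of the original messages; it reads the same encrypted attribute that cipher reports, and the path D:\Private is an assumed placeholder.

```powershell
# Added example: audit a folder tree for the EFS gaps discussed in the thread.
# D:\Private is a hypothetical path; pass the folder you intend to protect.
param(
    [string]$Root = 'D:\Private'
)

$encFlag = [System.IO.FileAttributes]::Encrypted
$sysFlag = [System.IO.FileAttributes]::System

function Test-Flag($item, $flag) {
    # True when the NTFS attribute bit is set on the file or folder
    return [bool]($item.Attributes -band $flag)
}

$findings = @()
$folders  = @(Get-Item -LiteralPath $Root -Force)
$folders += @(Get-ChildItem -LiteralPath $Root -Recurse -Force |
              Where-Object { $_.PSIsContainer })

foreach ($dir in $folders) {
    $dirEncrypted = Test-Flag $dir $encFlag
    $files    = @(Get-ChildItem -LiteralPath $dir.FullName -Force |
                  Where-Object { -not $_.PSIsContainer })
    $encFiles = @($files | Where-Object { Test-Flag $_ $encFlag })

    # Case 1: only the files were encrypted, not the folder. Applications that
    # write temporary or replacement files here will create them in plaintext.
    if (-not $dirEncrypted -and $encFiles.Count -gt 0) {
        $findings += [pscustomobject]@{
            Path  = $dir.FullName
            Issue = 'Folder is not encrypted but contains encrypted files'
        }
    }

    # Case 2: plaintext files sitting beside encrypted ones or inside an
    # encrypted folder (pre-existing files, or files with the system attribute).
    if ($dirEncrypted -or $encFiles.Count -gt 0) {
        foreach ($f in $files) {
            if (Test-Flag $f $encFlag) { continue }
            $why = 'File is not encrypted'
            if (Test-Flag $f $sysFlag) { $why += ' (system attribute set)' }
            $findings += [pscustomobject]@{ Path = $f.FullName; Issue = $why }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty result means every file under the root carries the encrypted attribute and every folder holding encrypted files is itself marked for encryption; it does not show who can decrypt them, which is what efsinfo is for.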