Re: EFS Questions

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 08/07/03


Date: Thu, 7 Aug 2003 05:15:31 -0700


1. that would require that the remote computer be trusted for delegation
and that the DRA have a roaming user profile. EFS:
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/recovery/default.asp

2. same answer as above

3. yes, you can do this. EFS:
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/recovery/default.asp

4. you would have to enable file object access auditing - that is about the
only way.

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Howard" <Howard@audio*guy.net> wrote in message
news:pcg3jvo4e67f8o8kt9glcksoj9lalq3etp@4ax.com...
> I've been reading up on EFS, but still have many questions.  If anyone
> knows the answer, I'd appreciate their help!
>
> My set-up:  Win2K with AD environment (CA is present).  I made myself
> the file recovery agent (FRA).  The Domain Group Policy lists my
> certificate as the recovery agent and has the "no override" switch so
> local policies can't interfere with Domain policies.  My account is
> part of the Domain Administrators Group.
>
> Questions:
>
> 1.  If someone encrypts files on their local computer (in a domain
> based environment) and later needs to be decrypted by the FRA,
> Microsoft recommends backing up the encrypted file/directory, and then
> restoring it to my own computer (since my private key as the FRA is on
> my local machine).  Then I'm able to decrypt the files.  Can I just
> map a drive to the other person's computer and decrypt?  Do I have to
> backup and restore?  Why not just copy or move - or better still, map
> a drive and decrypt remotely?
>
> 2.  EFS on a file server:  Let's say someone encrypts their shared
> drive on a file server.  Can I decrypt it if I map a drive?
>
> 3.  Can my recovery agent certificate be copied and installed to
> multiple computers?  (ya, I know the security risks)  For example, I
> use two computers right next to each other.  I'd like to be able to
> decrypt from either PC.  Can I export (without deleting keys) and then
> import to another computer?
>
> 4.  The FRA can view and decrypt other people's encrypted files.  If
> they just view it, will the user know?  In our company, the HR Dept.
> and Execs don't even want the administrators to have access to their
> files.  Will EFS give them peace of mind knowing that if the FRA
> decrypts or views their files, they will know about it?  After all,
> pretty much any domain admin can add themselves as the File Recovery
> Agents.
>
> Thanks,
>
> Howard
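
Answer 4 above (file object access auditing), sketched for current Windows versions with PowerShell. This is an added example, not part of the original thread; the account name, folder path and function name are hypothetical placeholders. Auditing records file access by the account in the Security log; it does not record EFS decryption as such.

```powershell
# Added example. Account and path are hypothetical; run from an elevated prompt.
$RecoveryAgent = 'CONTOSO\efs-dra'   # assumed recovery agent account
$Folder        = 'D:\Shares\HR'      # assumed folder holding EFS-encrypted files

# 1. Enable success auditing for file system object access on this machine.
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# 2. Add a SACL entry so every successful data read by the recovery agent is
#    logged, inherited by subfolders and files.
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $RecoveryAgent,
    [System.Security.AccessControl.FileSystemRights]::ReadData,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl = Get-Acl -Path $Folder -Audit      # -Audit loads the SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. List object-access events (ID 4663) raised by that account under the folder.
function Get-RecoveryAgentFileAccess {
    param([string]$Account, [string]$Path, [int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the named EventData fields into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $who = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        if ($who -eq $Account -and $data.ObjectName -and
            $data.ObjectName.StartsWith($Path, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Account = $who
                File    = $data.ObjectName
                Process = $data.ProcessName
            }
        }
    }
}

Get-RecoveryAgentFileAccess -Account $RecoveryAgent -Path $Folder |
    Format-Table -AutoSize
```

The file owner only learns of an access if someone reviews or forwards these Security log entries, and an administrator of the machine can change the SACL or clear the log.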

