Re: External disk security

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/08/04


Date: Tue, 08 Jun 2004 17:54:51 GMT

The only way would be to use encryption such as EFS. If the drive has no operating
system on it and no user profiles then a third party finding it would not be able to
decrypt the EFS files since they would not have access to the EFS private key that is
needed and stored in the users and recovery agents profile. In W2K two parties can
decrypt EFS files - the user who decrypted them and the designated recovery agent[s]
who would be the built in administrator account by default on a stand a alone machine
and possibly a domain administrator,etc on a domain machine. Efs info can show what
users can decrypt a file and their related thumbprint info for the associated
certificate/private key. If you use EFS if is a good idea to run cipher /w on the
drive before shutting down to try to remove any cleartext remnants of encrypted
files. EFS has it's hazards in that if you have to reinstall the operating system and
you do not back up your EFS private keys, you will lose permanent access to your
data. Be sure to read the link below on EFS best practices. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

"Zen Andreas" <zen8069@zen.co.uk> wrote in message
news:u9e6cVWTEHA.2236@TK2MSFTNGP09.phx.gbl...
> I have an external disk (60GB) which I use daily between my home-
> and the office-computer.
> Both computers run Win2000.
>
> I have tried to encrypt the data and add user rights, but using
> other computers this is easy to change once logged in as
> administrator on a third party Win2k computer.
> What is the best way of securing access to this (firewire) disk
> (or directories) such that if I loose it "no one" can have (easy)
> access to it?
>
> Many thanks
>
> --
> Zen Andreas
>
>



Relevant Pages

  • Re: EFS Recover Agents Unable to decrypt files
    ... Permissions were checked to make sure that the EFS RA had full ... The EFS RA imported it's EFS RA certificate from storage in a secure ... I tried to decrypt the file after only importing the ... a special recovery key is created with the encryption process. ...
    (microsoft.public.win2000.file_system)
  • Re: Recover encrypted file?
    ... If it can decrypt, it will tell you that it only decrypts ... Since your computer's and users' SIDs changed your EFS private key will no ... want to buy the full version for $99 to try and recover your files. ... > that encryption keys must be backed up separately from a normal backup (which ...
    (microsoft.public.windowsxp.security_admin)
  • Re: WINXP Pro File Excryption Not Working
    ... When reading bytes from the file in order to encode them for sending as an email attachment, the encryption key was used to decrypt those bytes. ... the profile is stored locally on that machine. ... But it's how EFS works. ...
    (microsoft.public.security)
  • Re: How to Copy EFS(encrypted) Files....
    ... If you have EFS protected file and you decide to copy it the file will first ... be decrypted (you actually have to have the private keys to decrypt the file ... >> Hmmm, WebDAV, how do I specify copying with that protocol? ... >> encryption. ...
    (microsoft.public.security)
  • Re: EFS Certs in AD or local PC?
    ... Just to add that EFS files can not be copied by anyone other then a user ... that can decrypt them but a user can use NTbackup to back them up to be ... If there are no correct EFS private keys [user ...
    (microsoft.public.windows.server.sbs)