Re: External disk security

From: Zen Andreas (zen8069_at_zen.co.uk)
Date: 06/08/04 

Date: Tue, 8 Jun 2004 20:18:01 +0100

I have tried this, but noticed that if you give the disk to
someone who happens to use Win2000 too and is logged in as an
administrator, he or she can add himself to the list of users
granting himself access to the directories without any
trouble..... This would make encryption obsolete?
This worked without copying a certificate to the other machine...

Is there anyway of simply restricting it to 2 computers? On both
computers I have administrator access and I do not need it on any
other computer...

Many thanks for your help.

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:L3nxc.4940$0y.4172@attbi_s03...
> The only way would be to use encryption such as EFS. If the
drive has no operating
> system on it and no user profiles then a third party finding it
would not be able to
> decrypt the EFS files since they would not have access to the
EFS private key that is
> needed and stored in the users and recovery agents profile. In
W2K two parties can
> decrypt EFS files - the user who decrypted them and the
designated recovery agent[s]
> who would be the built in administrator account by default on a
stand a alone machine
> and possibly a domain administrator,etc on a domain machine.
Efs info can show what
> users can decrypt a file and their related thumbprint info for
the associated
> certificate/private key. If you use EFS if is a good idea to
run cipher /w on the
> drive before shutting down to try to remove any cleartext
remnants of encrypted
> files. EFS has it's hazards in that if you have to reinstall
the operating system and
> you do not back up your EFS private keys, you will lose
permanent access to your
> data. Be sure to read the link below on EFS best
ractices. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
>
> "Zen Andreas" <zen8069@zen.co.uk> wrote in message
> news:u9e6cVWTEHA.2236@TK2MSFTNGP09.phx.gbl...
> > I have an external disk (60GB) which I use daily between my
home-
> > and the office-computer.
> > Both computers run Win2000.
> >
> > I have tried to encrypt the data and add user rights, but
using
> > other computers this is easy to change once logged in as
> > administrator on a third party Win2k computer.
> > What is the best way of securing access to this (firewire)
disk
> > (or directories) such that if I loose it "no one" can have
(easy)
> > access to it?
> >
> > Many thanks
> >
> > --
> > Zen Andreas
> >
> >
>
>

Relevant Pages

  • Re: EFS Certs in AD or local PC?
    ... Just to add that EFS files can not be copied by anyone other then a user ... that can decrypt them but a user can use NTbackup to back them up to be ... If there are no correct EFS private keys [user ...
    (microsoft.public.windows.server.sbs)
  • Re: DRA is Decrypting Files when it shouldnt be!!!
    ... Policy then the user's EFS files can be updated automagically to reflect the ... fact to attempt to decrypt EFS files for a user that does not have their EFS ... > you didn't go far enough, after you log in as the built-in administrator ... >> RA though I rebooted the computer after encrypting the files and before ...
    (microsoft.public.windowsxp.security_admin)
  • EFS
    ... I have problem about a EFS. ... I have a .xls file in d: ... checked the Recovery Agent & it's for the administrator. ... idea how to decrypt that file. ...
    (microsoft.public.win2000.security)
  • Re: Accessing Encrypted File
    ... EFS to encrypt your files. ... ID to decrypt the files assuming your EFS recovery agent is administrator ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: changed password and efs
    ... You should still be able to use your EFS RA. ... Password changes and EFS only ... > have run as administrator, please don't start flaming) and so i am the ... will i be able to access my efs files? ...
    (microsoft.public.windows.server.security)