Re: External disk security

From: Zen Andreas (zen8069_at_zen.co.uk)
Date: 06/09/04 

Date: Wed, 9 Jun 2004 01:37:00 +0100

Thanks Steven, that is much appreciated.

Zen.

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:nAoxc.69077$Ly.26456@attbi_s01...
> No. Encryption overrides ntfs permissions as far as access to
the data. Another user
> may be able to delete your data but not access unless they are
a recovery agent on
> the file or know your password AND have access to the EFS
private keys. You can not
> add recovery agents after the fact. If your disk was stolen and
attached to another
> computer, they would not be able to access your EFS files if
your and the recovery
> agents private keys are not on the disk which would still
require your password to
> access. Let someone who has never had their computer connected
to your drive connect
> it to their computer and you will see they can not access the
data in the EFS files
> even it they give themselves full control of the drive or
folders. --- Steve
>
>
> "Zen Andreas" <zen8069@zen.co.uk> wrote in message
> news:OwIOf2YTEHA.3660@tk2msftngp13.phx.gbl...
> > I have tried this, but noticed that if you give the disk to
> > someone who happens to use Win2000 too and is logged in as an
> > administrator, he or she can add himself to the list of users
> > granting himself access to the directories without any
> > trouble..... This would make encryption obsolete?
> > This worked without copying a certificate to the other
machine...
> >
> > Is there anyway of simply restricting it to 2 computers? On
both
> > computers I have administrator access and I do not need it on
any
> > other computer...
> >
> > Many thanks for your help.
> >
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:L3nxc.4940$0y.4172@attbi_s03...
> > > The only way would be to use encryption such as EFS. If the
> > drive has no operating
> > > system on it and no user profiles then a third party
finding it
> > would not be able to
> > > decrypt the EFS files since they would not have access to
the
> > EFS private key that is
> > > needed and stored in the users and recovery agents profile.
In
> > W2K two parties can
> > > decrypt EFS files - the user who decrypted them and the
> > designated recovery agent[s]
> > > who would be the built in administrator account by default
on a
> > stand a alone machine
> > > and possibly a domain administrator,etc on a domain
machine.
> > Efs info can show what
> > > users can decrypt a file and their related thumbprint info
for
> > the associated
> > > certificate/private key. If you use EFS if is a good idea
to
> > run cipher /w on the
> > > drive before shutting down to try to remove any cleartext
> > remnants of encrypted
> > > files. EFS has it's hazards in that if you have to
reinstall
> > the operating system and
> > > you do not back up your EFS private keys, you will lose
> > permanent access to your
> > > data. Be sure to read the link below on EFS best
> > ractices. --- Steve
> > >
> > >
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
> > >
> > > "Zen Andreas" <zen8069@zen.co.uk> wrote in message
> > > news:u9e6cVWTEHA.2236@TK2MSFTNGP09.phx.gbl...
> > > > I have an external disk (60GB) which I use daily between
my
> > home-
> > > > and the office-computer.
> > > > Both computers run Win2000.
> > > >
> > > > I have tried to encrypt the data and add user rights, but
> > using
> > > > other computers this is easy to change once logged in as
> > > > administrator on a third party Win2k computer.
> > > > What is the best way of securing access to this
(firewire)
> > disk
> > > > (or directories) such that if I loose it "no one" can
have
> > (easy)
> > > > access to it?
> > > >
> > > > Many thanks
> > > >
> > > > --
> > > > Zen Andreas
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Does W2K hold users email, EFS etc private key securely ?
    ... the location of private keys doesn't depend on how the Encrypted Data ... the file encryption key is not the public key. ... It is the FEK that is encrypted using the user's EFS public key, ... protect your EFS keys by limiting the success of password guessing or theft. ...
    (Focus-Microsoft)
  • Re: WIN2000 Encrypted Folders & Administrator Profile
    ... Many thanks for your invaluable help. ... >> you may be able to recover the EFS files. ... >> profile of the user and Recovery Agent for those files. ... without exported private keys to ...
    (microsoft.public.win2000.security)
  • Re: EFS & decrypting/deleting decrypted files
    ... no EFS private key exists because it can not be done. ... AES 256 encryption algorithm which is extremely strong encryption. ... Directory domain it is also possible to archive EFS private keys. ... If any of you MVP's don't want to dish the shit on removing the f-n' ...
    (microsoft.public.windowsxp.security_admin)
  • Re: efs and "encryption" overall... help?
    ... Private key is encrypted in user's profile. ... to private keys that will decrypt the files. ... Even if you backup the files on NTFS (EFS only works on NTFS) and restore ... Encrypting File System in Windows XP and Windows Server 2003 ...
    (microsoft.public.windows.server.networking)
  • Re: custom install cd
    ... It's up & running, still installing things though. ... readme only talks about the EFS and the casm driver it includes. ... formatted disk with documentation, and 3 disks that are the EFS. ... which could suffer losing up to 3 drives. ...
    (comp.unix.sco.misc)
Quantcast