Re: recovering NTFS volumes
From: Parhez Sattar (pxs01_at_grh.org)
Date: 06/09/04
- Next message: CWDev: "Disabled old Admins acct - no rights to re-enable"
- Previous message: jimmymac: "outlook express"
- In reply to: Steven L Umbach: "Re: recovering NTFS volumes"
- Next in thread: Steven L Umbach: "Re: recovering NTFS volumes"
- Reply: Steven L Umbach: "Re: recovering NTFS volumes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 8 Jun 2004 17:52:51 -0700
Steve,
Thanks for the detailed answer. Does your answer change
if the file system where the tape is being restored does
NOT have NTFS (i.e. FAT32)? What if the ACLs of the files
in question on the tape didn't include Administrator
(Administrators group)? Doesn't the machine name/id come
into play, even if the Administrator account was
explicitely included in the ACL? Thanks again.
>-----Original Message-----
>Ntfs by itself is not secure protection outside of the
original operating system and
>yes someone who could restore the tape to another
operating system would be able to
>access those files [assuming the backup process does not
encrypt, as some can is my
>understanding]. They may or may not need to take
ownership. My guess is that if
>administrators group or administrator have full
permissions, they would have no
>problem since built in administrator and administrators
group have the same sid on
>every operating system. EFS files would deny access to
any users who does not have
>access to the private keys used for EFS for either the
user or recovery agents as
>shown in efsinfo. Those private keys are stored in the
user profiles, so if the
>backups did not include those user profiles they would
not be able to access the EFS
>files themselves unless they obtained them from another
backup [keep them separate]
>and were able to guess or crack users/recovery agent's
password, though they could
>delete the data. I have little experience with backup
programs other than built in
>ntbackup or Ghost, but it is my understanding that not
all backup programs support
>backing up of encrypted files and it is not that the
files would be decrypted, but
>that they would be backed up and restored as gibberish
which is something to
>consider. XP Pro SP1 and W2003 EFS uses AES [strong
stuff] which if restored to a W2K
>computer and then imported the recovery agent EFS private
key to decrypt the files
>would not work because W2K does not support AES. ---
Steve
>
>
>http://support.microsoft.com/default.aspx?kbid=243330 --
well known sids
>http://www.microsoft.com/resources/documentation/windows/2
000/server/reskit/en-us/distsys/part2/dsgch15.mspx
>--- efs info
>
>"Parhez Sattar" <pxs01@grh.org> wrote in message
>news:1a0f201c44da4$993f6320$a001280a@phx.gbl...
>> We have this debate going in the office about NTFS and
how
>> it protects files from falling in the wrong hands.
>> Basically, the questions are:
>> -What are the risks if a backup tape, that was used to
>> backup an NTFS volume on a machine (W2K/XPpro)that was
>> part of a corporate domain/AD, falls into the hands of a
>> person who is curious (but not very savvy to know
hacking
>> tools) and has a tape drive on their home machine. Can
>> this person just restore the tape onto their computer
and
>> gain full access to the files (mind you that they were
>> protected via NTFS 5.0 on the original partition)
without
>> taking any additional steps (such as taking ownership,
>> bypassing the original ACL, etc.)?? Add EFS to the
>> scenario above. What changes? Thanks in advance.
>>
>>
>
>
>.
>
- Next message: CWDev: "Disabled old Admins acct - no rights to re-enable"
- Previous message: jimmymac: "outlook express"
- In reply to: Steven L Umbach: "Re: recovering NTFS volumes"
- Next in thread: Steven L Umbach: "Re: recovering NTFS volumes"
- Reply: Steven L Umbach: "Re: recovering NTFS volumes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
