Re: EFS- manipulated UserPassword

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/26/04


Date: Tue, 26 Oct 2004 19:14:39 GMT

No, the problem still remains. The reason it works is because the built-in
administrator account is also the Recovery Agent in Windows 2000. XP Pro
does not require a Recovery Agent, password resets will not allow the user
account to access EFS files, and uses stronger encryption. You would need to
upgrade to XP Pro OR export/delete the user's and Recovery Agent's EFS
private keys to a .pfx file when the computer is not physically secure. If
you do upgrade to XP Pro and do not remove the user's EFS private key from
the computer, be SURE to make sure that the user is forced to use a complex
password. You can use security policy to enforce this.

The reason is that the user's password protects the EFS private key. An
attacker could still reset the administrator password to gain access to the
computer and then install a password cracker like LC5 on it to crack the
user's password and gain access to the EFS files. If you disable storage of
LM hashes on the computer, use password complexity, and a password of, say, at
least ten characters in length, it would take a long time to crack it with
LC5. Password complexity only enforces three types of characters. If you are
the user or you can convince the user to use all four character types, the
password will be much stronger yet, as in T337r88t!*. A password like that
will not be easy to remember, in which case the user could write it down as
long as it is not kept near the computer. --- Steve

"Thomas Weigel" <entwicklung_nospam__at__octagon_minus_gmbh_dot_de> wrote in
message news:utBFPh2uEHA.1984@TK2MSFTNGP14.phx.gbl...
> Hello,
>
> using w2k on laptops we would like to keep there some sensible data too.
> Searching for a solution EFS looked fine till I found the EFS backdoor
> problem mentioned in 2002.
> Where booting from a floppy, changing the password of the user (using
> certain programs) grants access to the encrypted directories and files
> too...
>
> I did not find any article about this problem (the only link I found, is
> worthless because of the new structure of MS-homepage...)
> I did not find any information searching for patches and within the
> service packs.
> Has the problem not been solved yet? If it has been solved, where can I
> find the solution?
> I would prefer to use the Windows 2000 EFS rather than a third party
> solution or updating to XP.
>
> thanks ahead and kind regards
>
> Thomas Weigel
>
>
>
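To check the three mitigations Steve recommends (no LM hash storage, password complexity, a minimum length of ten or more) and to see whether any EFS private keys are still held on the machine, here is an added PowerShell audit script; it is not part of the original thread and assumes a current Windows host with an elevated session (secedit needs it).

```powershell
# Added example, not from the original thread. Run elevated.
function Get-EfsPasswordAudit {
    $result = [ordered]@{}

    # 1. LM hash storage: NoLMHash = 1 stops new passwords being stored as LM hashes,
    #    which is what makes an offline crack with LC5-style tools far slower.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
    $result.NoLMHash = ($null -ne $lsa.PSObject.Properties['NoLMHash']) -and ($lsa.NoLMHash -eq 1)

    # 2. Local password policy: export it with secedit and read the [System Access] keys.
    $cfg = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $cfg /quiet | Out-Null
    $policy = @{}
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\s*(MinimumPasswordLength|PasswordComplexity)\s*=\s*(\d+)') {
            $policy[$matches[1]] = [int]$matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    $result.MinimumPasswordLength = $policy['MinimumPasswordLength']
    $result.ComplexityEnabled     = ($policy['PasswordComplexity'] -eq 1)
    $result.MeetsLengthAdvice     = ($policy['MinimumPasswordLength'] -ge 10)   # Steve's "at least ten"

    # 3. EFS private keys present for the current user (EFS EKU OID 1.3.6.1.4.1.311.10.3.4).
    #    Keys that are still on a laptop are exactly what a password crack would unlock;
    #    exporting them to a .pfx and deleting them is the alternative Steve describes.
    $efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and
        ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq '1.3.6.1.4.1.311.10.3.4' })
    }
    $result.EfsKeysOnThisMachine = @($efsCerts).Count
    $result.EfsThumbprints       = @($efsCerts | ForEach-Object { $_.Thumbprint })

    [pscustomobject]$result
}

Get-EfsPasswordAudit | Format-List
```

A result with NoLMHash false, complexity off, or a minimum length below ten is the weak configuration the reply warns about; a non-zero EfsKeysOnThisMachine count on a laptop that is not physically secure is the cue to back the keys up off the machine.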


