Re: An EFS encryption question.

---

• From: "bagassa" <not@xxxxxxxxxxxxx>
• Date: Fri, 24 Oct 2008 16:09:22 -0200

---

Good afternoon Brian,

You raised a good point. Does this mean that the burglar who stole my computer and broke into my account could still read the files, simply because Windows will always make a new certificate ?

There is no registry change that can stop this automatic generation?

About those smart card readers you mentioned. Where can I get a simple one at a reasonable price ?

Thanks for your time and input, Brian.

Peter

========================================

Not a good idea.
The first time that you forget to import the PKCS#12 before you attempt to access a file, a new EFS certificate will be generated
From that point on, all newly encrypted files will use the new default EFS key
If you want to have the removal of the EFS certificate from software, then I recommend you move to Vista and use a smart-card based EFS certificate

Brian

========================================

What I like to do is lock some of my sensitive files using the windows EFS encryption so that if someone were to steal my computer and somehow hack the password into my account, they still would not be able to read the files.

If I were to:

1. encrypt the files
2. then export the "encrypting file system" certificate from the certificate manager (in the personal folder) to a thumb drive (and a backup drive).
3. delete the certificate managers copy
4. Every time I want to access the files, I plug the thumb drive in, and use it to decrypt the files.

Is this a good way to do it ? Any red flags here ?

Thanks for your time and help

Peter

.

---

• Follow-Ups:
  • Re: An EFS encryption question.
    • From: Brian Komar

• References:
  • An EFS encryption question.
    • From: bagassa
  • Re: An EFS encryption question.
    • From: Brian Komar

• Prev by Date: Re: hm....winhelp.ini is a MALWARE?
• Next by Date: Re: hm....winhelp.ini is a MALWARE?
• Previous by thread: Re: An EFS encryption question.
• Next by thread: Re: An EFS encryption question.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Security update - encrypted files access problem ... If you reset the password for an account using EFS, ... ability to access the encrypted files - you were warned of that when you did it. ... > original certificate and tried to import it. ... (microsoft.public.windowsxp.security_admin) Re: Security update - encrypted files access problem ... If you reset the password for an account using ... >ability to access the encrypted files - you were warned ... >> my second admin account and reset the password. ... >> original certificate and tried to import it. ... (microsoft.public.windowsxp.security_admin) Re: File Encryption ... There was an error before SP1 when one changed ... is not changed (as any account can do) but is reset ... > to access the encrypted files? ... >> has been encrypted with the new EFS certificate, ... (microsoft.public.windowsxp.security_admin) RE: [Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allo ... that account, such as personal certificates, saved passwords, etc., are deleted ... Because this includes the user's EFS certificate, ... either backed up the certificate or created and saved a recovery certificate. ... (Full-Disclosure) Re: EFS: Move User+WKS to other forest ... can not export my certificate using MMC Certificates (SP1 does not have ... Want to move Workstation to another forest. ... User1@domain1 has encrypted files on D: ... Issue the user a new EFS certificate and have them encryption a new file (establishing the ... (microsoft.public.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.vista.security  > 2008-10