Re: File encryption and restoring keys
From: Drew Cooper [MS] (dcoop@online.microsoft.com)
Date: 08/21/02
From: "Drew Cooper [MS]" <dcoop@online.microsoft.com> Date: Wed, 21 Aug 2002 11:25:38 -0700
I have another theory . . .
It could be that the "restored" user has the same SID as before. If the
user has a well-known SID (like the administrator), this is certainly the
case. And, at least for local accounts, user SIDs were still given to new
users in a known order. They start at <MACHINE SID>-1000 and the number on
the end increments by one for each new user added.
If the "restored" user has the same SID as before and the old profile is
copied over the new one, the user could access the old encrypted files.
--
Drew Cooper [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.

"Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
news:eY3QMJTSCHA.1640@tkmsftngp11...
> Can you explain your word of "restore"? I would be very interested if your
> "restore" means simply copy the files.
>
> Just because you have the recovery agent cert+keys, that would not give you
> the access to the files if the OS was reinstalled, unless you have backed up
> your recovery cert + keys and imported them to the new OS. Recovery
> cert+keys are stored the same way in the recovery agent's account as the
> normal EFS cert+keys in the normal account. You have to export and import
> it.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> Robert Gu [MS Security Developer]
> "Jeff Durham" <root@localhost> wrote in message
> news:eZ9JymSSCHA.1820@tkmsftngp13...
> > I do not have a roaming user profile. However, my username is designated as
> > a recovery agent. Maybe that is why it works. If I only restore my data
> > files in my documents (those are the files that are encrypted) and not
> > everything else in my user, I then cannot access my encrypted files.
> >
> > Jeff
> >
> > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > news:OmSG7AKSCHA.3772@tkmsftngp08...
> > > Even the domain case would destroy the access to EFS file, except,
> > >
> > > 1. The user account uses Roaming User Profile. Or,
> > > 2. The user has the recovery agent private key.
> > >
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > >
> > > Robert Gu [MS Security Developer]
> > > "Torgeir Bakken" <Torgeir.Bakken-spam@hydro.com> wrote in message
> > > news:3D62B443.C8AA4F3B@hydro.com...
> > > > Jeff Durham wrote:
> > > >
> > > > > Something does not make sense here. I had many encrypted files. I backed
> > > > > up my user directory under Documents and Settings. Blew away the machine.
> > > > > Restored the user. I could access all of my encrypted files (yes, they were
> > > > > and are encrypted). My machine name did not change and belongs to a domain
> > > > > that does have a certificate authority (private network).
> > > > >
> > > > > Either this is a major bug with XP or there is a misunderstanding on your
> > > > > part.
> > > >
> > > > Yes and no for the misunderstanding part ;-). My description was for a
> > > > non-domain context. When you now say this is in a domain setting, things are
> > > > pretty different ;-)
> > > >
> > > > --
> > > > torgeir
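
One way to test the same-SID theory on a restored profile, as an added example that is not part of the original thread: the per-user key stores inside a profile are folders named after the owning SID, so they can be compared with the SID the account has now. The profile path and account name are placeholders, and the script assumes a Windows version with PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Adjust the two placeholders below.
$RestoredProfile = 'C:\Documents and Settings\jeff'   # hypothetical restored profile folder
$UserName        = 'jeff'                             # hypothetical account (use DOMAIN\name for domain users)

# SID the account resolves to now; the last component is the RID
$account    = New-Object System.Security.Principal.NTAccount($UserName)
$currentSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$rid        = ($currentSid -split '-')[-1]

# Per-user private keys (Crypto\RSA) and DPAPI master keys (Protect) live in
# subfolders named after the owning SID. XP uses "Application Data";
# later Windows versions use "AppData\Roaming".
$keyDirs = foreach ($appData in 'Application Data', 'AppData\Roaming') {
    foreach ($store in 'Microsoft\Crypto\RSA', 'Microsoft\Protect') {
        $dir = Join-Path (Join-Path $RestoredProfile $appData) $store
        if (Test-Path -LiteralPath $dir) {
            # -Force because these folders are normally hidden/system
            Get-ChildItem -LiteralPath $dir -Directory -Force |
                Where-Object Name -like 'S-1-5-*'
        }
    }
}

# One row per SID-named key folder found in the restored profile
$report = foreach ($d in $keyDirs) {
    [pscustomobject]@{
        Store      = $d.Parent.Name      # RSA or Protect
        StoredSid  = $d.Name             # SID the old profile belonged to
        CurrentSid = $currentSid
        SameSid    = ($d.Name -eq $currentSid)
    }
}

"Account $UserName currently resolves to $currentSid (RID $rid)"
if ($report) {
    $report | Format-Table -AutoSize
} else {
    "No SID-named key folders found under $RestoredProfile"
}
```

A `SameSid` value of `False` means the restored key material was created under a different account SID than the one now in use.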