Encryption File System Nightmare

From: Ruben (ruben@ruben.com)
Date: 10/20/02 

From: "Ruben" <ruben@ruben.com>
Date: Sun, 20 Oct 2002 13:31:33 -0700

I don't mean to offend you in any way, but people should
realize that, as technology gets better, it gets complexer
also. This is also true for the products MS delivers. W2K
or XP can not be compared with Win 9.x. It's sad, but we
are getting to an age in which you have to actual study
background material about a feature, before using it :-).
In the case of EFS: MS has written some articles about
EFS, and the difference between the EFS-implentation in
W2K and XP Pro. You should have read this before switching
on EFS (by means of Folder/Properties); these docs clearly
state in XP Pro you have to export the certificate first
(as opposed in W2K without domain, where any administrator
by default is able to decrypt in case of a lost user key).

Get used to it: read the documentation first, before using
it (or use Linux; you'll get used to reading documents
first quite easy...).

Good Luck,

Ruben
>-----Original Message-----
>I have always been a champion of Microsoft and their
>products. Not too long ago, I enabled EFS on some folders
>that I had on my drive. This folder contained a lot of
>sensitive data along with over 400 pictures of my family.
>When I enabled this option, there was no warning window
>or information window that popped up explaining about
>storing or exporting your security certificates, creating
>Data Recovery agents and explaining what would happen if
>this wasn't done. Sure enough, my computer crashed and
>even though I had my data, I had not saved/exported my
>certificate and now, I cannot access all my files in the
>encrypted folder.
>I believe that a MAJOR slip-up on the part of the XP team
>for not putting checks on this feature has caused myself
>and many others a lot of grief. To the professional
>community at large, I am asking you for support in
>bringing this case to Microsoft so that a solution is
>created to address this issue so that myself and
>countless others can get our data back.
>
>Please help.
>
>Thank you.
>.
>

Relevant Pages

  • Re: Encryption File System Nightmare
    ... plans to use EFS should understand before using EFS: ... > or information window that popped up explaining about ... > storing or exporting your security certificates, ... > encrypted folder. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Relative Security Provided by Cached Domain Credentials?
    ... So when a user logs on the w2k terminal using a smartcard + pin no (rather ... If it does then EFS ... profile currently logged on for the private certificate. ...
    (Focus-Microsoft)
  • RE: Relative Security Provided by Cached Domain Credentials?
    ... certificates assigned to them, with each certificate having a set number ... smart card management tools which provide private key archival for smart ... AND the cert is also valid for EFS, they likely would be able to do ... What you probably could get to work for local file encryption, ...
    (Focus-Microsoft)
  • Re: EFS Disabling
    ... >> I had to reinstall XP on a computer and so I copied my EFS ... They have the same account names ... > You must have exported your EFS security certificate (onto a floppy ... > claiming that if you included your profile in your backups that there ...
    (microsoft.public.security)
  • Re: Encrypting File System - EFS in Win XP
    ... > does support file sharing between multiple users on a single file. ... > This diverse from Windows XP because EFS states that the users who will be ... You do not have EFS encrpytion on a folder. ... >> Authorizing Multi-User Access to Encrypted Files ...
    (microsoft.public.windowsxp.security_admin)