Re: Gaining Administrator Access to Windows XP Professional SP2 Sy



That was true in Windows 2000 but not in Windows XP. If a local user account
password is reset an attacker will NOT be able to logon with the reset
password and access the EFS encrypted files. Now an attacker could logon as
an administrator, install a password hash cracking program to try and
recover a user's password and then logon with the correct password to access
the files. If you use a complex passphrase of at least 15 characters [which
also disables it from being stored with LM hash] then it will become almost
impossible to recover your password. If you export and delete your EFS
private key and assuming no one else can decrypt the files then the files are
safe from opening and the only possibility would be to try and brute force
AES 256 encryption which is not going to happen anytime soon. Ideally for
maximum confidentiality you want to run cipher /w after deleting the EFS
private key to overwrite free disk space to eliminate any traces of the
private key or clear copies of the EFS files if any existed. Users that
logon with cached domain credentials have their passwords stored very
securely and they are not stored in the local SAM. I have yet to hear of a
verified successful attempt to recover such though an attacker could resort
to simple guessing and maybe get lucky.

--- Steve



"stephen-robertson" <stephenrobertson@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:D6EE89C6-5E5E-4620-A269-DB0DFD39E4FE@xxxxxxxxxxxxxxxx


I do encrypt my data, and I did not create any Designated Recovery Agent for
EFS. Otherwise, if I did lose the laptop and someone gained Administrator
access to the system, that person could then decrypt my data. Even if the
Administrator account is not a Designated Recovery Agent, someone could
simply change the passwords of every user account on the system, log in to
each one, and attempt to decrypt the data. If another user account was a
Designated Recovery Agent, eventually the encrypted data would become
accessible.

Stephen

