Re: Unable to secure personal profile from work sys admin



The best possible solution would be to encrypt the contents of folders that
have sensitive info but NOT your whole user profile. However a determined
administrator could make himself a Recovery Agent for EFS [available in XP
Pro] for the domain in order to access your data if he really wanted to and
you can see what users can access EFS encrypted files in the properties of
the EFS files. While EFS is built in and convenient because of that you may
want to consider a third party encryption alternative if you think such a
risk could exist. No matter what type of encryption you would consider they
all have the danger that the user can lose permanent access to encrypted
data if the decryption keys are lost or corrupted so you would want to take
extra precautions, including backing up the PRIVATE key, to minimize such
based on the recommendations of the publisher of the application. If you do
use encryption you may also want to keep clear text backups of important
files stored safely at home just in case a problem arises. Also a user that
has the proper NTFS permissions to encrypted files may not be able to read
them but could delete them. The links below may help. --- Steve

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx --- EFS in XP Pro
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS best practices
http://www.snapfiles.com/Freeware/security/fwencrypt.html --- free file encryption tools
http://www.snapfiles.com/Shareware/security/swencrypt.html --- shareware file encryption tools

"Rob" <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:28A4B995-0ADD-4F1E-BF94-6A3F8AEC9C44@xxxxxxxxxxxxxxxx
I use my laptop for home and work. One user is HOME; the other WORK. As the
owner and admin of the laptop, I set my WORK account so that it cannot access
the HOME info, to protect my personal info while at work.

When I log into our work domain, the security policy installs an admin
account that gives our sysadmin FULL access to my system. Is there no way to
secure the info in my HOME profile?

Thanks,
Rob



