Re: EFS access
- From: "Robert Moir" <robspamtrap@xxxxxxxxx>
- Date: Thu, 28 Dec 2006 10:26:05 -0000
Zyggy wrote:
When I use EFS to encrypt data for an account in XP, I can log into
another account with admin privilages and traverse the
sub-directories of the EFS-protected parent director. Although this
other account cannot open or copy the EFS files to a different
drive/partition, it can see the names of these files, even rename
them and delete them. Is there a way to use EFS to block even the
opening of an EFS protected folder from another admin account?
No. EFS cannot do this. NTFS permissions, however, can. Of course, NTFS
permissions can be overridden by an admin. If this is a problem for you then
you probably need to start restricting admin account access to people you
actually trust.
EFS is not some kind of magical shield of super-secret protection for
confidential files, it is simply a method of encrypting files and combining
the keys for this with the account that owns the files so that the process
is transparent to the logged in user.
.
- References:
- EFS access
- From: Zyggy
- EFS access
- Prev by Date: Re: ICRSS.EXE?????
- Next by Date: NDIS User Mode and "industybrains.com"
- Previous by thread: EFS access
- Next by thread: Re: EFS access
- Index(es):
Relevant Pages
|
