Re: Windows XP Pro - Encryption - AVOID

Well, given that I'd read what I could, researched by talking with MS Windows
experts at my organization, attempted to locate any material that would
identify the risks of using the option - I think I fairly understood how it
worked and understood the risks - up to and including protecting myself with
recover disks (as was indicated in the post).

Being an IT professional, and knowing not to step off the cliff without
checking for a safety net, I believed that I'd examined the risks. There
just wasn't one listed indicating that somthing as simple as changing the
password would render encrypted data useless. Yes, I know that the
encryption is based on the profile/password combination (along with the
system encryption key values); but most environments that support
profile/password usage understand that passwords - to remain effective - must
be changed/updated on a regular basis.

The use of the EFS was contemplated and implemented following research and
understanding (certainly not at "expert level"; but much higher than novice).

It has nothing to do with "understanding" the options. It has everything to
do with the implementation of the option on a secure system.

For example, at MS web site
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx,
the statement by MS is as follows: changing of a local user password by an
administrator, or through a method other than by the user, will block all
access to previously encrypted files by the user.

The operative clause is "other than by the user". In this case, it was BY
THE USER.

So, to implement such a usage, and to expect normal activity to be
accommodated by the OS, is not really to much to ask. However, MS Windows XP
Pro evidently doesn't expect the EFS to be used, and if it is, then to be
used in a practice that is non-standard by most security publications and
administrators (which I am a systems security engineer for my company.)


"Shenan Stanley" wrote:

Jim wrote:
Well, I had a big scare yesterday, and found out why Windows XP Pro
folder/object encryption is a BAD THING.

Reason - it doesn't work right.

Heres what happened:
1) I have two accounts define on my system, both for me. One is
play, the other work. Work account has many things specific to my
company. 2) Passwords are set to expire 60 days following a
password change (same as company policy)
3) Encrypted two folders (w/content) and about 7 independent
objects under work profile. All due to the fact that it contains
sensitive information. 4) Password was ready to expire in one day.
At the prompt reading "Do you want to change your password now?", I
responded by pushing the button "YES". 5) All appeared to work
well, not immediately identifyable issues. 6) Attempted to launch a
business application (one that happens to use one of the encrypted
objects.) 7) PROGRAM FAILURE: Due to inability to access the object.
8) Further examination revealed that all encrypted folders/objects
were inaccessable.

Well, I've learned my lesson: NEVER, BUT NEVER, USE MICROSOFT
WINDOWS XP PRO TO ENCRYPT FOLDERS (w/content) OR OBJECTS. It'll
COST BIG TIME.

So, just a bit of info to share, based on my experience over the
last two days.

All is recovered and working - without encryption. The real hard
stuff is in a separate encrypted volume based on PMC Ciphers
TurboCrypt Polymorphic encryption engine (at a 208 bit strength
too.) What Windows was used for were those folders/objects where
the application HAD to have the content in a certain folder
location.

Wouldn't it be better to say, "Never, but never, use things without
following the 'best practices' laid out for them and understanding them
fully"?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html



.