Re: EFS: Almost all files are encrypted?! How did this happen?

---

• From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
• Date: Wed, 5 Mar 2008 18:26:36 -0500

---

From: "Ron" <Ron@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Okay, I don't know a lot about EFS, so bear with me...
|
| I'm the domain admin for a small company. We have a XP user who has somehow
| managed to encrypt almost all of the files on her hard drive. I don't think
| she's savvy enough to have set this up herself. Any idea how this would have
| happened?

The PC had NTFS and she Right-Clicked on the folders and chose to encrypt them.

|
| The odd thing is, if you look at the EFS info for one of these files, her
| account is listed as the user and, sometimes, not all the time, one of our
| contractor is listed as a recovery agent. That contractor has domain admin
| rights. I haven't talked to him in a while, but before I do I want to have
| my facts straight.
|
| I thought under EFS all domain admins - I'm one of them - should have
| recovery agent rights. The thing is I don't see anyone except this
| contractor listed as a recovery agent on any of these files.

Nope. Each individual will create their own Security Certificate that is used to
encrypt/decrypt files and folders. That Security Certificate, stored in the personal
Certificate Store, would have to be exported and placed on separate media. A copy for the
administrative staff and another copy for the end user. This is done to backup the original
certificate in case it is accidentally deleted by the end user.

|
| Any thoughts on what's going on? How did this happen?
|
| Thanks for any help. I know it's kind of an esoteric questions, so let me
| know if you need more info to answer it.

I can only say the end-user did this. Maybe inadvertently.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


.

---

• Prev by Date: Re: XP Pro system recovery
• Next by Date: Looking for Windows backup with a catch
• Previous by thread: Re: XP Pro system recovery
• Next by thread: Looking for Windows backup with a catch
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: EFS ... Efs is very complicated. ... Even if the domain admin is not the recovery agent ... >> environment there is a designated recovery agent who could decrypt the ... (microsoft.public.windowsxp.help_and_support) EFS ... I'm the administrator of a W2K-file server. ... I'm not domain admin. ... implement EFS and how do I do it? ... I must be able to recover files if ... (microsoft.public.win2000.file_system) Re: EFS ... > How can I recover an EFS ecrypted fileif an NTFS file ... > system crashes. ... Did you previously export your security certificate (for EFS)? ... (microsoft.public.security) Re: EFS rule ... > I try to acces encipt file/folder and win2000 let me to access then! ... > I encript a file/folder an other pc and try to acces with Domain Admin ... > account (that have got a valid Recover efs certificate)and i cannot, ... (microsoft.public.win2000.security) Re: EFS is a joke! ... I claimed that EFS is nothing more than a joke that ... > provides a little program level protection. ... Actually there is a recovery key which is onwed by admin or domain admin. ... (comp.security.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)