Re: Encrypted File Systems

[N407ER <n407er () myrealbox com>]

I could be completely off the mark on this; I'm trying to recall what I 
read when I skimmed an article god-knows-where a few weeks ago on EFS.

Supposedly one of the big issues with EFS in 2K was that the Default 
Recovery Agent--who can recover encrypted files--was the administrator. 
Well, any exploits that would allow admin access (and there are quite a 
few) would allow decryption.

So my impression was that if you had a competent admin who made his DRA 
an administrator in the domain rather than just the default local admin, 
you'd be a lot better off. I think--just a guess since I've not read 
anything to the contrary--that the encryption itself isn't all that bad.

Anyone care to set me straight?

Ah, and I did some googleing. Here's what I read: 
http://www.serverwatch.com/tutorials/article.php/2106831

Ricardo Oliva wrote:
> Hi,
>
> I am just trying to get some info on the best method available for having 
> files encrypted on a system. This is a laptop that is going to be used 
> outside our physical environment and I would like to make sure that info is 
> not accessed in case of the laptop going missing, etc...
>
> I understand that the Windows EFS implementation had some issues on win2k, 
> and that the XP implementation is slightly better. Any comments on that?
>
> Any solutions for win98?
>
> Thanks in advance.
>
> Regards,


---------------------------------------------------------------------------
----------------------------------------------------------------------------