
EFS question

davtharav Member Posts: 4
I was wondering what the XP policy on EFS is. If a user quits and has encrypted a file, can another administrator just reset the user's password, then log in as the user and get to the encrypted file?

Thanks

Comments

  • fondue Member Posts: 104
    You can just log on as the recovery agent and view or move the files. If this is a standalone PC, the administrator is the default recovery agent.
  • davtharav Member Posts: 4
    It's from a question that I came across when studying for my 70-270 exam.

    You are the administrator for a Windows 2000 network. One of the employees, Jeane, has unexpectedly left the company. Ben has been hired to replace Jeane. Jeane used Encrypting File System (EFS) to encrypt a file on her Windows XP Professional computer. Now that she is gone, Ben must be able to access the encrypted file.

    Choose 2.

    A. You should back up the encrypted file and restore it to your computer. Then, decrypt the file.

    B. You should copy the file to a FAT32 partition

    C. You should log onto Jeane's computer using your Administrator account and decrypt the file.

    D. You should change Jeane's password so that Ben can log onto the account and decrypt the file.

    Listed right answers (A, D)

    If I had to choose 2, I would have said A and C. I thought I read somewhere that you can't reset someone's password and unencrypt a file. I thought you could do that under Windows 2000, but not XP.
  • xlg123 Member Posts: 34
    If you are using XP, the local administrator is NOT automatically the recovery agent. This is a security "fix" from 2000, where it was automatic. The administrator must generate a key and import it as a recovery agent, but this is ONLY for files that have been created after the key was generated.
    This was fixed from 2000 to prevent someone from gaining access to the (local) Admin account and decrypting all the files. In a domain, the domain admin is the recovery agent, or you can have appointed ones.
    Referring to your sample question... If I remember correctly, once you (the admin) change a user's account, no one can access the files except the RA. When you go to change the user's password, there is a warning reminding you of this.
  • albanga Member Posts: 164
    The answers given definitely don't sound right. We had an endless class discussion about what I think is a very confusing topic. But the one certainty that came up is that you can't just change the password.
  • xlg123 Member Posts: 34
    Okay. Do a clean install of Windows XP Pro. Go to gpedit, navigate to Public Key Policies... it's empty... No DEFAULT recovery agent.
    Then, in your nice default installation, create a user account and encrypt a file. Log in as admin and try to change their password. Read the warning box.
    Then come back and "explain" how these answers don't "sound right"...
    Don't form a committee in class to discuss. The point is to try it and learn it. You'll remember it better. This is something your instructor should have come up with (interactive learning).
    Good Luck!!
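The three things xlg123 points at in the two posts above (whether local policy publishes any data recovery agent, the user's own EFS certificate whose private key is tied to her logon password, and which certificates a given encrypted file is bound to) can be checked from a script. The following is an added PowerShell example and not code from any poster in the thread. It assumes an elevated session on Windows Vista or later, because XP's cipher.exe has no /c switch; the registry path used for locally published DRA certificates is an assumption about where the EFS recovery policy stores them, and the sample file content is constructed.

```powershell
# Added example (not from the thread). Inspects the EFS state the posts argue about.
# Assumptions: elevated PowerShell; 'cipher /c' requires Windows Vista or later;
# the registry key below is where local EFS recovery policy certificates are assumed to live.

# Enhanced Key Usage OID for "Encrypting File System" (the user certificate).
# A data recovery agent certificate carries "File Recovery", 1.3.6.1.4.1.311.10.3.4.1.
$EfsEku = '1.3.6.1.4.1.311.10.3.4'

function Get-UserEfsCertificates {
    # Certificates in the current user's personal store that EFS can use to open files.
    # Their private keys are protected by DPAPI, which is keyed from the logon password.
    # That is why an administrator *resetting* a local account's password orphans them
    # (the warning box xlg123 mentions), while the user *changing* her own password
    # re-protects them. Domain accounts can recover through the domain's DPAPI backup key.
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $EfsEku }
}

function Get-PolicyRecoveryAgents {
    # Thumbprints of DRA certificates published by local policy
    # (gpedit.msc > Public Key Policies > Encrypting File System).
    # A clean XP Pro install has none, which is the point made above.
    # Assumption: local EFS recovery policy certificates are stored under this key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\EFS\Certificates'
    if (-not (Test-Path $key)) { return @() }
    Get-ChildItem $key | Select-Object -ExpandProperty PSChildName
}

function New-EncryptedSampleFile {
    param([string]$Path)
    # Writes a constructed sample file, encrypts it with EFS and returns $true
    # when the Encrypted attribute is set on the result.
    Set-Content -Path $Path -Value 'constructed sample data, not real content'
    [System.IO.File]::Encrypt($Path)
    $attrs = (Get-Item $Path).Attributes
    return (($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}

function Show-WhoCanDecrypt {
    param([string]$Path)
    # Lists the user certificates and recovery certificates bound to the file (Vista+).
    # If the recovery certificate section is empty, only the listed users can ever open it;
    # neither an administrator logon nor a password reset changes that. A DRA added later
    # only covers files encrypted (or re-encrypted) after the policy took effect.
    cipher.exe /c $Path
}

$sample = Join-Path $env:TEMP 'efs-sample.txt'
if (New-EncryptedSampleFile -Path $sample) {
    'User EFS certificates:'
    Get-UserEfsCertificates | Format-Table Subject, Thumbprint, NotAfter -AutoSize

    'DRA certificates published by local policy:'
    $dras = @(Get-PolicyRecoveryAgents)
    if ($dras.Count -eq 0) { '  (none - no default recovery agent on this machine)' } else { $dras }

    "Who can decrypt ${sample}:"
    Show-WhoCanDecrypt -Path $sample
}

# To create a recovery agent certificate for import through gpedit.msc as a DRA:
#   cipher /r:C:\dra    -> writes C:\dra.cer (import as the DRA) and C:\dra.pfx (keep offline)
```

Run it once as the user who encrypts files and once as the administrator: the user sees her EFS certificate and the file, the administrator sees neither a certificate nor an entry for himself in the cipher output unless a DRA was published before the file was encrypted.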