EFS question

davtharavdavtharav Member Posts: 4 ■□□□□□□□□□
I was wondering what is the XP policy on EFS, if a user quits and encrypted a file, can another administrator just reset the users password and then log in as the user and get to the encrypted file?

Thanks

Comments

  • fonduefondue Member Posts: 104
    You can just logon as the recovery agent view or move the files. If this is a standalone PC the administrator is the default recovery agent.
  • davtharavdavtharav Member Posts: 4 ■□□□□□□□□□
    It's from a question that i came across when studying for my 70-270 exam.

    You are the administrator for a Windows 2000 network. One of the employees, Jeane, has unexpently left the company. Ben has been hired to replace Jeane. Jeane used Encrypting File System (EFS) to encrypt a file on her Windows XP Professional Computer. Now that she is gone, Ben must be able to access the encrypted file.

    Chose 2.

    A. You should Backup the encrypted file and restore it to your computer. Then, decrypt the file.

    B. You should copy the file to a FAT32 partition

    C. You should log onto Jeane's computer using your Administrator account and decrypt the file.

    D. You should change Jeane's password so that Ben can log onto the account and decrypt the file.

    Listed right answers (A, D)

    If i had to chose 2 I would have said A, and C. I thought i read somewhere that you can't reset someones password and unencrypt a file. I thought you could do that under Windows 2000, but not XP.
  • xlg123xlg123 Member Posts: 34 ■■□□□□□□□□
    If you are using XP, the local administrator is NOT automatically the recovery agent. This is a security "fix" from 2000 where it was automatic. The administraotr must generate a key and import it as a recovery agent, but this is ONLY for files that have been created after the key was generated.
    This was fixed from 2000 to prevent someone from gaining access to the Admin account (local) and decrypting all the files. In a domain, the domain admin is the recovery agent, or you can have appointed ones.
    Reference your sample quetion... If I remember correctly, once you (the admin) change a users account, no one can access the files except the RA. When you go to change the user's password, there is a warning reminding youof this.
  • albangaalbanga Member Posts: 164
    The answers given definately dont sound right. We had an endless class discussion about what i think is a very confusing topic. But the one certainty that cam up is that you cant just change the password.
  • xlg123xlg123 Member Posts: 34 ■■□□□□□□□□
    Okay. Do a clean install of Windows XP Pro. Go to GPedit, navigate to public keys.... it's empty.... No DEFAULT recovery agent.
    Than, in your nice default installation, create a user account and encrypt a file. Log in as admin and try to change their password. Read the warning box.
    Than come back and "explain" how these answers don't "sound right"...
    Don't form a comitee in class to discuss. The point is try it and learn it. You'll remember it better. This is something your instructor should have come up with (interactive learning).
    Good Luck!!
Sign In or Register to comment.