
decrypt, or change password?

I've seen tons of questions regarding disgruntled employees who encrypt files and leave the company, but I've seen different versions of what to do. Should you log on as a Recovery Agent and decrypt, or just change his password and access them in his profile?
Xinxing is the hairy one.

Comments

  • cheeblie Member Posts: 288
    I'm pretty sure you would first disable his account. Then you would login as a Recovery Agent and decrypt the files. I believe that is how Microsoft views the situation as far as the test is concerned.

    Cheeblie
  • pandimus Member Posts: 651
    Sounds reasonable to me.. :)
    Xinxing is the hairy one.
  • Lexxdymondz Member Posts: 356
    I'm pretty sure that you would only change the password if someone was filling in the job position, i.e. ...

    Bob has encrypted his fiscal year earnings statement then left the company. Jane will be filling in for Bob now that he is gone and needs these files for her meeting. What is the easiest/fastest way for Jane to get these files?

    That would be to reset the password.

    If the admin or someone else needs the files, but won't be taking over the position, use the Recovery Agent.

    Any comments from anyone else would be appreciated.
  • pandimus Member Posts: 651
    Yeah, I finally figured out the difference in the middle of the night..

    Needless to say I passed the 70-210 today, definitely a different test.
    Xinxing is the hairy one.
  • Webmaster Admin Posts: 10,292
    Congratulations Pandimus!
    Bob has encrypted his fiscal year earnings statement then left the company. Jane will be filling in for Bob now that he is gone and needs these files for her meeting. What is the easiest/fastest way for Jane to get these files?

    That would be to reset the password.
    A slightly different method, but as easy, and what is usually done when this would be a real world scenario (an employee leaving the company and username is based on the employee's name), is to rename the username, reset the password, and "enable change password at next logon". (I have to admit I never tried it on Windows 2000 with EFS... used to work fine on NT 4 ;)) This will allow the new employee to access the same resources without an admin having to assign permissions and join groups, again..

    But when it comes to MS questions, I'm quite sure the answer is always "logon as a recovery agent", unless you are the user... in that case "you can recover an encrypted file or folder yourself if you have kept a backup copy of your file encryption certificate and private key in a .pfx file format on a floppy disk." which would be the preferred method... from a user's perspective.

    www.microsoft.com/windows2000/techinfo/planning/security/efssteps.asp
  • pandimus Member Posts: 651
    Yeah, that is fine if you are transferring files to a new employee. But if the old employee leaves and you transfer those files to the boss, you will have to decrypt them first.. I guess that is what I am getting from it.

    Thanks webmaster..

    Next on to the 215..
    Xinxing is the hairy one.
  • Webmaster Admin Posts: 10,292
    Yeah I agree, if the files go to anyone else than the new employee, an admin, hence a recovery agent, will have to do it.

    Have fun with 215.