EFS Encryption

Wkelley1979

Guys

I have just studied the EFS Section for the exam i nthe MS Offically Training Kit Book. I have a few Questions.

1. How could a user loose the Encryption Certificate?
2. Where are these certificates/Private Keys stored? and how are these recognised?
3. Do i really need to worry about them if the Administrator can decrypt the Files is need be anyway?

I understand the basic gist of encryption and it is kinda straight forward. but i just dont get the issues above.

Any help or assistance would be Great!

dynamik

Certificates are located in the personal certificate store, which I believe is part of the user's profile. Therefore, problems would occur if a user's profile were to be accidentally deleted or somehow became corrupted. You need configure a data recovery agent in order to have someone, such as an administrator, decrypt the files. Administrators can't simply decrypt the files because they're administrators.

More info here: http://technet.microsoft.com/en-us/library/bb457116.aspx

sprkymrk

Another good thread here:

http://www.techexams.net/forums/viewtopic.php?t=18560

brad-

You probably just need to know that an admin account can view the files normally, and a little about the cipher commands.

sprkymrk

brad- wrote:

You probably just need to know that an admin account can view the files normally

Not unless you have them as your DRA. The defaults are different between OS's (2K/XP) and Workgroup/Domain configurations. Do not assume an admin can automatically decrypt EFS. You'll probably be wrong.

MikeInMoseley

Some general good links for EFS:

http://www.windowsecurity.com/articles/Understanding-EFS-Windows-2003.html
http://www.windowsecurity.com/articles/Where_Does_EFS_Fit_into_your_Security_Plan.html

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx