Efs
  • Efs

    I would like to know, in the event that a user loses his private key, how an admin or other recovery agent can decrypt a file.

    I tried to lab this in my virtual session. I performed the following:

    1) As the impacted user, in cmd I did cipher /r:/filename
    2) It successfully generated a pfx and cer file.
    3) Logged off and logged on with the administrator account.
    4) Within Group Policy I added the administrator as a recovery agent.
    5) When I tried to decrypt via the cipher command or with Windows Explorer it wouldn't succeed.

    Is there something I might be missing or doing wrong?

    Thanks
    Beauty is in the eyes of the beholder

  • #2
    Re: Efs

    If this is a domain environment, the administrator is automatically an RA, so can remove encryption from the files.
    Other RAs can be added, but they will only work on files encrypted after they are added as an RA. This seems to be the problem you have hit.

    If it is a non-domain environment, there are no RAs by default.

    IMHO, EFS is dangerous enough to want to seriously consider disabling it permanently.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **
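
The ordering problem described in post #2, as an added example that is not part of the original thread: a recovery agent added after a file was encrypted is not on that file until the file's keys are refreshed by someone who can still open it. The paths and file names are constructed, the policy step is done by hand in the GUI, and `cipher /c` and a built-in `certutil` assume Windows Vista or later.

```batch
@echo off
rem Added example, not from the thread. RA and TARGET are constructed lab paths.
setlocal
set "RA=C:\Lab\efsra"
set "TARGET=C:\Lab\secret.txt"

if /i "%~1"=="create"  goto create
if /i "%~1"=="update"  goto update
if /i "%~1"=="recover" goto recover
echo usage: %~nx0 create ^| update ^| recover
exit /b 1

:create
rem Generate the recovery agent key pair: efsra.CER (certificate only) and
rem efsra.PFX (certificate plus private key, password protected).
cipher /r:%RA%
echo Add %RA%.CER as a Data Recovery Agent under
echo Public Key Policies ^> Encrypting File System, then let policy refresh.
exit /b

:update
rem Run as the user who encrypted the files, AFTER the policy change.
rem Files encrypted earlier carry no recovery field for the new agent.
rem /u /n only lists the encrypted files on local drives, changing nothing.
cipher /u /n
rem /u rewrites the user and recovery agent keys on those files to the current ones.
cipher /u
rem Show who can decrypt the file now; the new agent should appear
rem among the recovery certificates.
cipher /c "%TARGET%"
exit /b

:recover
rem Run as the recovery agent. Import the private key into the
rem agent's personal store (prompts for the PFX password), then decrypt.
certutil -user -importpfx "%RA%.PFX"
cipher /d "%TARGET%"
exit /b
```

The `update` step only works while the original user's key is still usable, which is why the recovery agent has to be in place before a key is lost.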



    • #3
      Re: Efs

      Hello Ossian,

      Thanks for your reply. The virtual machine I'm trying to perform this exercise on is in a Windows XP workgroup. I guess that Microsoft made a bad implementation of cryptographic technology.

      In the event that an employee leaves a company and leaves their files encrypted, the admin will find it difficult to decrypt the files. As long as I understand the theoretical side, it should be efficient for the exam.

      Thanks again

      Best regards

      Salv236


      • #4
        Re: Efs

        I love it when people accuse Microsoft of some shortcoming when they can't get something implemented or they implement it incorrectly.

        Salv236, you're absolutely right. Microsoft is populated with a bunch of no-talent hacks. Frankly, I'm surprised they've made it this far. I would have thought that their ruse would have been discovered by now.

        Also, here's some light reading for you on EFS:

        http://technet.microsoft.com/en-us/l.../bb457020.aspx



        • #5
          Re: Efs

          EFS is potentially dangerous if not used correctly. You could say the same about a good many things.
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



          • #6
            Re: Efs

            Originally posted by gforceindustries
            > EFS is potentially dangerous if not used correctly. You could say the same about a good many things.

            Unlike some things, EFS is easily accessible to (l)users, who have a nasty habit of "encrypting first" and worrying about the consequences after the problem has occurred. Since this is a workgroup environment, a password reset will destroy the encryption certificate and leave the files well and truly inaccessible.
            Tom Jones