No announcement yet.

Windows 7 & EFS + smart card

  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 7 & EFS + smart card

    Good evening folks,
    i got here a couple of questions.

    1. If in windows xp an administrator (don't actually know if it is local administrator OR domain administrator OR both) changes a password of a user, EFS cert of the user is invalidated. Is it the same in Win 7 (vista)?

    2. I plan to deploy smart cards. Is it safer to use a special EFS cert? Or should i go with one cert for everything?

    3. how many DRA should i have, are 2 sufficient (1forest 1domain small company)?

    Clients are windows 7, servers win 2008 r2 - new green lawn setup..

    Thanks for any info and insights into possible caveats of this setup.

  • #2
    Re: Windows 7 & EFS + smart card

    Are your users local users?

    If they are domain users their password can be reset safely.

    It's not a caveat, it's a feature. Imagine if anyone could reset the local admin password of your machine, which is easy unless you have full drive encryption, they could reset your user password and read your encrypted documents. That wouldn't be very useful!

    Two DRAs should be fine, just keep good backups. Make sure those backups are secured physically. If backing up to CD, make sure to make two copies of each, and recopy them yearly.
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah