Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows Encryption

Posted on 2004-04-06
4
599 Views
Last Modified: 2013-12-04
Hi!
I would like to know the pros and cons of using the built-in Windows encryption instead of a third party for the security (like NMS Black Whole).
I'm in an environnement where Windows XP is installed on workstations and Windows 2000 (Server) on the servers.

Thanks!
0
Comment
Question by:Sylvania
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 200 total points
ID: 10769966
I'll assume you mean the Encrypting File Systm (EFS) for  windows 2000 and higher.

EFS is a secure program, when configured correctly. That being said, when configured correctly... it's really tough to recover data if you forget your KEYs arent backed up well. Here are the last3 threads I've covered on EFS: (the last two are probably better than the first link)
http://experts-exchange.com/Security/Win_Security/Q_20932052.html
http://experts-exchange.com/Security/Win_Security/Q_20911328.html
http://experts-exchange.com/Security/Q_20887645.html

In those you'll see where people typically have problems, EFS is a good tool, but it is touchy... I actually prefer a 3rd party, for ease of use sake. You just have to do sooo much to use EFS securly. I like winzip and winrar. They use a great encryption algorythim, and it also saves space with compression. PGP is more secure, and my overall choice.
-rich
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10772449
I agree with RICHRUMBLE - You definitely must ensure a backup of the Recovery Agent

HOW TO: Encrypt Data Using EFS in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;230520

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

Disable/Enable EFS on a Stand-Alone Windows 2000-Based Computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;243035

You Cannot Decrypt Files After You Reset Your Password with a Password-Reset Disk
http://support.microsoft.com/default.aspx?scid=kb;en-us;308273

If you're a domain administrator - read HOW TO: Configure a Domain EFS Recovery Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;313365

HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/01.asp&NoWebContent=1

Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions
http://www.elcomsoft.com/aefsdr.html

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:Sylvania
ID: 10774312
Thanks Rich! (And Try too!)

You gave me a lot of reading, but it worths it. :)  Those are pretty good links and it gives me a much better understanding of the process.

Thanks again!
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10781873
:o) Glad we could help you
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
3DES_EDE_CBC_SHA - 112  Cipher..... 2 140
Server 2008-R2 lost password 19 104
Windows 7 lost password...(reset vs change) 5 96
Changing the domain admin password 9 92
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question