[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Windows Encryption

Posted on 2004-04-06
4
Medium Priority
?
607 Views
Last Modified: 2013-12-04
Hi!
I would like to know the pros and cons of using the built-in Windows encryption instead of a third party for the security (like NMS Black Whole).
I'm in an environnement where Windows XP is installed on workstations and Windows 2000 (Server) on the servers.

Thanks!
0
Comment
Question by:Sylvania
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 800 total points
ID: 10769966
I'll assume you mean the Encrypting File Systm (EFS) for  windows 2000 and higher.

EFS is a secure program, when configured correctly. That being said, when configured correctly... it's really tough to recover data if you forget your KEYs arent backed up well. Here are the last3 threads I've covered on EFS: (the last two are probably better than the first link)
http://experts-exchange.com/Security/Win_Security/Q_20932052.html
http://experts-exchange.com/Security/Win_Security/Q_20911328.html
http://experts-exchange.com/Security/Q_20887645.html

In those you'll see where people typically have problems, EFS is a good tool, but it is touchy... I actually prefer a 3rd party, for ease of use sake. You just have to do sooo much to use EFS securly. I like winzip and winrar. They use a great encryption algorythim, and it also saves space with compression. PGP is more secure, and my overall choice.
-rich
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10772449
I agree with RICHRUMBLE - You definitely must ensure a backup of the Recovery Agent

HOW TO: Encrypt Data Using EFS in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;230520

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

Disable/Enable EFS on a Stand-Alone Windows 2000-Based Computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;243035

You Cannot Decrypt Files After You Reset Your Password with a Password-Reset Disk
http://support.microsoft.com/default.aspx?scid=kb;en-us;308273

If you're a domain administrator - read HOW TO: Configure a Domain EFS Recovery Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;313365

HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/01.asp&NoWebContent=1

Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions
http://www.elcomsoft.com/aefsdr.html

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:Sylvania
ID: 10774312
Thanks Rich! (And Try too!)

You gave me a lot of reading, but it worths it. :)  Those are pretty good links and it gives me a much better understanding of the process.

Thanks again!
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10781873
:o) Glad we could help you
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question