?
Solved

Windows Encryption

Posted on 2004-04-06
4
Medium Priority
?
603 Views
Last Modified: 2013-12-04
Hi!
I would like to know the pros and cons of using the built-in Windows encryption instead of a third party for the security (like NMS Black Whole).
I'm in an environnement where Windows XP is installed on workstations and Windows 2000 (Server) on the servers.

Thanks!
0
Comment
Question by:Sylvania
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 800 total points
ID: 10769966
I'll assume you mean the Encrypting File Systm (EFS) for  windows 2000 and higher.

EFS is a secure program, when configured correctly. That being said, when configured correctly... it's really tough to recover data if you forget your KEYs arent backed up well. Here are the last3 threads I've covered on EFS: (the last two are probably better than the first link)
http://experts-exchange.com/Security/Win_Security/Q_20932052.html
http://experts-exchange.com/Security/Win_Security/Q_20911328.html
http://experts-exchange.com/Security/Q_20887645.html

In those you'll see where people typically have problems, EFS is a good tool, but it is touchy... I actually prefer a 3rd party, for ease of use sake. You just have to do sooo much to use EFS securly. I like winzip and winrar. They use a great encryption algorythim, and it also saves space with compression. PGP is more secure, and my overall choice.
-rich
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10772449
I agree with RICHRUMBLE - You definitely must ensure a backup of the Recovery Agent

HOW TO: Encrypt Data Using EFS in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;230520

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

Disable/Enable EFS on a Stand-Alone Windows 2000-Based Computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;243035

You Cannot Decrypt Files After You Reset Your Password with a Password-Reset Disk
http://support.microsoft.com/default.aspx?scid=kb;en-us;308273

If you're a domain administrator - read HOW TO: Configure a Domain EFS Recovery Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;313365

HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/01.asp&NoWebContent=1

Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions
http://www.elcomsoft.com/aefsdr.html

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:Sylvania
ID: 10774312
Thanks Rich! (And Try too!)

You gave me a lot of reading, but it worths it. :)  Those are pretty good links and it gives me a much better understanding of the process.

Thanks again!
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10781873
:o) Glad we could help you
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month9 days, 5 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question