Question on EFS in XP

zephyr_hex (Megan)
Last Modified: 2010-05-18
one of the features (as listed in the XP Help and Support Center):
* Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume.

does this mean that all someone has to do is copy the file to something other than NTFS and the encryption is broken?  if so, what's the point of EFS?

also, if someone removes the password on a user's account by force (not through control panel->user accounts), will that person have access to encrypted file contents?  what if the password is just removed in control panel->user accounts?

i am trying to determine if EFS is sufficient for protecting HR files in case a computer is stolen.

Author

Commented:
ok, so if someone were to steal my computer and copy the file to FAT32, they would not break the encryption?

also, what about the user account password?  if that is removed, is the encryption broken?

Author

Commented:
ok .. i may be able to answer part of the question myself...
the private key should be exported to removable media whenever the computer is not in use.  this way, even if the computer is stolen, the encryption is not broken.  when a valid user wants to use the computer, they should import the private key from the removable media.

LeeTutor (retired)

Commented:
And from the same link I gave above, this passage about passwords should answer your other questions:

Resetting Local Passwords on Windows XP
Windows XP has new behavior regarding locally changed passwords and EFS. In Windows 2000, when a local user password was reset by an administrator, the administrator or third party could theoretically use the newly changed account to log on as the user and decrypt the encrypted files. In Windows XP, the changing of a local user password by an administrator, or through a method other than by the user, will block all access to previously encrypted files by the user.

In summary, the profile and keys of the user will be lost and will not be available to the account with the reset password. Windows XP gives the following warning when attempting to reset a user account password:

Warning: Resetting this password might cause irreversible loss of information for this user account. For security reasons, Windows protects certain information by making it impossible to access if the user's password is reset.

This feature helps to guard against offline attacks and prevents rogue administrators from gaining access to encrypted files of other users.
