When EFS is used on a machine and no CA is available, the machine creates its own certificate to encrypt files with. It has some fail-safe features which allow data to be recovered, but in the event of a crash or corruption, I wouldn't trust it. If you set up a CA on your network, EFS will create certs based on your master - this will allow you to recover encrypted data, set certs to expire, revoke certs if needed, etc.
(...and Hi, I'm new to the list - figured I'd just be lurking, but happy to help if I can!)

-Erica

-----Original Message-----
From: Birl [SMTP:[EMAIL PROTECTED]
Sent: Friday, June 20, 2003 1:29 PM
To: [EMAIL PROTECTED]
Subject: RE: Hard Drive Encrypting

edward: Date: Fri, 20 Jun 2003 10:51:26 +1000
edward: From: "Ng, Edward B" <[EMAIL PROTECTED]>
edward: To: 'Allan Foster' <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
edward:     [EMAIL PROTECTED], [EMAIL PROTECTED]
edward: Subject: RE: Hard Drive Encrypting
edward:
edward: Just wondering, will EFS make data recovery a problem if the PC crashes or
edward: the partition/drive becomes corrupt? I had to perform a recovery on an XP
edward: machine recently, using software tools like Winternals Admin Pak and I don't
edward: believe it had EFS enabled, but if it did ...??
edward:
edward: Edward
edward:
edward: EDS Australia Pty Ltd

You should read up on EFS. Each user receives their own key when using EFS.
Unless you have those keys, you're not recovering anything except encrypted files.
Administrators do not have a skeleton key to decrypt all files they do not own.

If the PC crashes, it depends on the crash. If the hd is still readable, then you should be fine.
You suffer the same risks with file corruption regardless of encryption; you either repair it or it's unrepairable.

Scott Birl                              http://concept.temple.edu/sysadmin/
Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*

edward: -----Original Message-----
edward: From: Allan Foster [mailto:[EMAIL PROTECTED]
edward: Sent: Friday, 20 June 2003 1:35 AM
edward: To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
edward:     [EMAIL PROTECTED]
edward: Subject: RE: Hard Drive Encrypting
edward:
edward: I have found EFS to be effective only as long as the encrypted file is on a
edward: Windows 2000/XP machine. As soon as you copy it to a computer with a
edward: different operating system, the file is decrypted.
edward:
edward: Allan Foster, CISA, CISSP
edward: Principal IS Auditor
edward: Legislative Post Audit
edward: 800 S.W. Jackson St, Suite 1200
edward: Topeka, Ks 66612
edward: (785) 296-5668 phone
edward: (785) 296-4482 fax
edward: [EMAIL PROTECTED]
edward:
edward: >>> "Roger A. Grimes" <[EMAIL PROTECTED]> 06/18/03 04:17PM >>>
edward: Any reason why you don't use Microsoft's built-in EFS? It has all those
edward: features you mention.
edward:
edward: Roger
edward:
edward: ***************************************************************************
edward: *Roger A. Grimes, Computer Security Consultant
edward: *CPA, MCSE (NT/2000), CNE (3/4), A+
edward: *email: [EMAIL PROTECTED]
edward: *cell: 757-615-3355
edward: *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
edward: *http://www.oreilly.com/catalog/malmobcode/
edward: ***************************************************************************
edward:
edward: -----Original Message-----
edward: From: Martin Smith [mailto:[EMAIL PROTECTED]
edward: Sent: Wednesday, June 18, 2003 3:01 PM
edward: To: [EMAIL PROTECTED]
edward: Subject: Hard Drive Encrypting
edward:
edward: Good Day,
edward:
edward: I have a need to encrypt the hard drive for our laptops running
edward: XP and 2000 pro. If it can, it needs to be as invisible to the users as
edward: possible. Plus, it has to be linked to the user's login and password or the
edward: users' cac.
edward:
edward: What tools are out there?
edward:
edward: Thanks for your help.