[Dshield] Windoze Questions...
jholmblad at aol.com
Sun Feb 15 18:44:55 GMT 2004
a clarification re: your question
* 4) About the Windows encrypted file system... if someone gets
Admin privilege on a system using the encrypted file system, can
they disclose or compromise data that would normally be protected?
In windows 2000, the Administrator account is automatically established as a default EFS recovery agent. On a stand alone windows 2000 system, the private key for the recovery agent is stored on the computer. Therefore, to mitigate the risk from the attack you mentioned, Microsoft recommends that when using EFS in Windows 2000, the private recovery key from the computer should be exported onto a non-volatile medium, stored in a safe location, and then deleted from the computer.
In windows XP/2003, there is no predefined default recovery agent.
Windows Group Policy can be used to define one or more such agents, or,
alternatively, the cipher.exe tool can be used to manually create one.
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
www page: www.vtext.com/users/jholmblad
primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net
text email address: jholmblad at vtext.com
More information about the list