[Dshield] Windoze Questions...

John Holmblad jholmblad at aol.com
Sun Feb 15 18:44:55 GMT 2004


A clarification re: your question

    * 4) About the Windows encrypted file system... if someone gets
      Admin privilege on a system using the encrypted file system, can
      they disclose or compromise data that would normally be protected?

In Windows 2000, the Administrator account is automatically established as a default EFS recovery agent. On a standalone Windows 2000 system, the private key for the recovery agent is stored on the computer. Therefore, to mitigate the risk from the attack you mentioned, Microsoft recommends that when using EFS in Windows 2000, the private recovery key from the computer should be exported onto a non-volatile medium, stored in a safe location, and then deleted from the computer.

In Windows XP/2003, there is no predefined default recovery agent. Windows Group Policy can be used to define one or more such agents, or, alternatively, the cipher.exe tool can be used to manually create one.

Best Regards,


John Holmblad


Televerage International


(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388


www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net


text email address:         jholmblad at vtext.com
