[unisog] Windows Encrypted File System (EFS)

Stejerean, Cosmin cosmin at cti.depaul.edu
Fri Feb 10 18:42:27 GMT 2006

Cached credentials have their own set of problems, which is why some
people choose to use local accounts when working off-site. EFS will work
without a problem even when using a domain account with cached
credentials, as long as you are willing to either put up with or work
around having to wait 2 minutes to log in (when Windows tries in vain to
contact the DC).


Cosmin Stejerean

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of John Valenti
Sent: Friday, February 10, 2006 9:58 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Windows Encrypted File System (EFS)

I'm not using EFS yet, but am considering it for some folders.

This example makes me wonder ... here, people continue logging in to 
the domain on off-site laptops (using cached credentials, I think you 
call it). Generally the only local account is administrator and they 
don't even know the password.  Would EFS continue working off-site?

I would think the EFS key chain would also be cached on the laptop.

And am I missing something by not using local accounts on the laptop?  
My research led me to believe everything should be done from domain 
accounts, and the local accounts secured at installation and basically 
ignored afterwards.

On Feb 9, 2006, at 4:43 PM, Stasiniewicz, Adam wrote:

>> Laptop is joined to the domain, and while at work, the user
>> logs into the domain and works on some EFS files (on the laptop),
>> then they log off and take the laptop home.  The user will not be
>> able to access their EFS files on the laptop using a local account.
>> Is that true?
> By default yes.  But you install a copy of the private key into the
> local user's certificate store to allow access to the EFS files.
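An added example for the two questions in this thread (whether the EFS key material is present for the account that will log on off-site, and which users or recovery agents can actually decrypt a given file). This is not code from any of the posters; it is a PowerShell readiness check meant to be run on the laptop as the user before it leaves the network. Assumptions: the folder in $Path, the "Users who can decrypt:" / "Recovery Certificates:" section headers of cipher.exe /c output, and the "No ..." wording cipher prints when no recovery certificate exists. The EKU OID 1.3.6.1.4.1.311.10.3.4 is the real Encrypting File System OID.

```powershell
# Added example, not from the unisog thread: pre-travel EFS readiness check
# on a domain-joined Windows laptop. Assumed: $Path is the folder to audit;
# the section headers parsed below match cipher.exe /c output on this build.
param(
    [string]$Path = "$env:USERPROFILE\Documents"   # assumed folder to audit
)

# Enhanced key usage OID for Encrypting File System.
$EfsEku = '1.3.6.1.4.1.311.10.3.4'

# 1. Does the logged-on account (domain or local) hold an EFS certificate
#    together with its private key? With a cached domain logon the key lives
#    in the user's profile on the laptop, so this is what must be present
#    off-site; a local account only sees it if the key was imported there.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $EfsEku
}
if (-not $efsCerts) {
    Write-Warning 'No EFS certificate in Cert:\CurrentUser\My for this account.'
} else {
    foreach ($c in $efsCerts) {
        '{0}  thumbprint={1}  privateKey={2}  expires={3:d}' -f `
            $c.Subject, $c.Thumbprint, $c.HasPrivateKey, $c.NotAfter
        if (-not $c.HasPrivateKey) {
            Write-Warning "Certificate $($c.Thumbprint) has no private key here; export it (cipher /x) from the profile that owns it."
        }
    }
}

# 2. For every EFS-encrypted file under $Path, list who can decrypt it and
#    flag files that a single user can open with no recovery agent behind them.
$encrypted = Get-ChildItem -Path $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }

foreach ($f in $encrypted) {
    $out = & cipher.exe /c $f.FullName 2>$null
    $users = @(); $recovery = @(); $section = $null
    foreach ($line in $out) {
        # Section headers (assumed wording from cipher /c output).
        if     ($line -match 'Users who can decrypt') { $section = 'users';    continue }
        elseif ($line -match 'Recovery Certificates') { $section = 'recovery'; continue }
        elseif ($line -match 'Key Information')       { $section = $null;      continue }

        $entry = $line.Trim()
        # Skip blanks, thumbprint detail lines, and "No recovery certificate" style lines.
        if (-not $entry -or $entry -like 'Certificate thumbprint*' -or $entry -like 'No *') { continue }
        if ($section -eq 'users')    { $users    += $entry }
        if ($section -eq 'recovery') { $recovery += $entry }
    }
    [pscustomobject]@{
        File     = $f.FullName
        Users    = ($users -join '; ')
        Recovery = ($recovery -join '; ')
        AtRisk   = ($users.Count -le 1 -and $recovery.Count -eq 0)
    }
}
```

Run it once while still on the network and once after logging on with cached credentials; the first part should report the same certificate with privateKey=True both times. Any file reported AtRisk=True is readable only through one key with no recovery agent, which is exactly the case where losing that profile (or switching to a local account without importing the key, as Adam describes) makes the data unrecoverable.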
