[unisog] Windows Encrypted File System (EFS)
cosmin at cti.depaul.edu
Fri Feb 10 18:42:27 GMT 2006
Cached credentials have their own set of problems, which is why some
people choose to use local accounts when working off-site. EFS will work
without a problem even when using a domain account with cached
credentials, as long as you are willing to either put up with or work
around having to wait 2 minutes to log in (when Windows tries in vain to
contact the DC).
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of John Valenti
Sent: Friday, February 10, 2006 9:58 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Windows Encrypted File System (EFS)
I'm not using EFS yet, but am considering it for some folders.
This example makes me wonder ... here, people continue logging in to
the domain on off-site laptops (using cached credentials, I think you
call it). Generally the only local account is administrator and they
don't even know the password. Would EFS continue working off-site?
I would think the EFS key chain would also be cached on the laptop.
And am I missing something by not using local accounts on the laptop?
My research led me to believe everything should be done from domain
accounts, and the local accounts secured at installation and basically
On Feb 9, 2006, at 4:43 PM, Stasiniewicz, Adam wrote:
>> Laptop is joined to the domain, and while at work, the user
>> logs into the domain and works on some EFS files (on the laptop),
>> then they log off and take the laptop home. The user will not be
>> able to access their EFS files on the laptop using a local account.
>> Is that true?
> By default yes. But you install a copy of the private key into the
> local user's certificate store to allow access to the EFS files.