EFS - Encrypted File System

Post by Stargat » Sat, 26 Feb 2000 04:00:00



I need some help with EFS, I downloaded the whitepaper, and read through
that, however I need some help that it does not seem to give.

I am using only 1 Win 2000 workstation and NT4 servers, so the only EFS is
on my own laptop here.

How does MS handle EFS and certificates in this situation.  I have no known
certificates on my system, and I still can encrypt and decrypt files.  How
can this be?

I would like to grant another user on this system the ability to recover the
files, and I would like to save that certificate somewhere.

I assume that I will have to use my Thawte certificates since there is no
server on our network to authenticate or create certificates.

Any Ideas?

All the other whitepapers at MS deal with the assumption that a Cert Server
on the Network is running Win 2000 and issuing the cert.

Thanks

 
 
 

EFS - Encrypted File System

Post by Bryc » Sat, 26 Feb 2000 04:00:00


    The system is automatically issuing you certificates for EFS encryption.  To manage these certs, type "MMC" in the Run box, and add the Certificate Manager snap-in (via the Console menu).

-Bryce


> I need some help with EFS, I downloaded the whitepaper, and read through
> that, however I need some help that it does not seem to give.

> I am using only 1 Win 2000 workstation and NT4 servers, so the only EFS is
> on my own laptop here.

> How does MS handle EFS and certificates in this situation.  I have no known
> certificates on my system, and I still can encrypt and decrypt files.  How
> can this be?

> I would like to grant another user on this system the ability to recover the
> files, and I would like to save that certificate somewhere.

> I assume that I will have to use my Thawte certificates since there is no
> server on our network to authenticate or create certificates.

> Any Ideas?

> All the other whitepapers at MS deal with the assumption that a Cert Server
> on the Network is running Win 2000 and issuing the cert.

> Thanks

 
 
 

EFS - Encrypted File System

Post by Stargat » Sat, 26 Feb 2000 04:00:00


Right, But I currently don't have any certificates in there.

In order to verify how the system was working and verify my security, I
deleted my certificate after making a backup.

I can still read the encrypted files, even though there are no certificates
in there for me as a user.

Why do I still have access to those encrypted files?

thanks


    The system is automatically issuing you certificates for EFS encryption.
To manage these certs, type "MMC" in the Run box, and add the Certificate
Manager snap-in (via the Console menu).

-Bryce


> I need some help with EFS, I downloaded the whitepaper, and read through
> that, however I need some help that it does not seem to give.

> I am using only 1 Win 2000 workstation and NT4 servers, so the only EFS is
> on my own laptop here.

> How does MS handle EFS and certificates in this situation.  I have no known
> certificates on my system, and I still can encrypt and decrypt files.  How
> can this be?

> I would like to grant another user on this system the ability to recover the
> files, and I would like to save that certificate somewhere.

> I assume that I will have to use my Thawte certificates since there is no
> server on our network to authenticate or create certificates.

> Any Ideas?

> All the other whitepapers at MS deal with the assumption that a Cert Server
> on the Network is running Win 2000 and issuing the cert.

> Thanks

 
 
 

EFS - Encrypted File System

Post by JMV » Sat, 26 Feb 2000 04:00:00


You can also view the certificates on your system by going to Users and Passwords in Control Panel. Click on Advanced >
Certificates. If you double-click on a certificate you will notice that it is not trusted since it wasn't created / installed by a
Cert Server.

--
John M. Vittone
MS MVP

    The system is automatically issuing you certificates for EFS encryption.  To manage these certs, type "MMC" in the Run box, and
add the Certificate Manager snap-in (via the Console menu).

-Bryce


> I need some help with EFS, I downloaded the whitepaper, and read through
> that, however I need some help that it does not seem to give.

> I am using only 1 Win 2000 workstation and NT4 servers, so the only EFS is
> on my own laptop here.

> How does MS handle EFS and certificates in this situation.  I have no known
> certificates on my system, and I still can encrypt and decrypt files.  How
> can this be?

> I would like to grant another user on this system the ability to recover the
> files, and I would like to save that certificate somewhere.

> I assume that I will have to use my Thawte certificates since there is no
> server on our network to authenticate or create certificates.

> Any Ideas?

> All the other whitepapers at MS deal with the assumption that a Cert Server
> on the Network is running Win 2000 and issuing the cert.

> Thanks
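
Bryce's pointer to the Certificates snap-in and John's remark that the self-issued certificate shows as untrusted can both be checked without the GUI. The PowerShell below is an added example, not part of the original thread or of any Microsoft tool; it assumes a later Windows release with PowerShell's Cert: drive, and the two OIDs are Microsoft's published enhanced key usage identifiers for EFS and File Recovery. It also reads the per-user registry value in which EFS records the thumbprint of the certificate it currently encrypts with, so "no certificates in there" can be compared against what EFS is actually using.

```powershell
# Added example (not from the original thread). Enumerates EFS-capable
# certificates in the current user's Personal store, flags the self-issued
# ones, and shows which one EFS is currently encrypting with.
# The OIDs are Microsoft's published EFS enhanced key usage identifiers.
$EfsOid      = '1.3.6.1.4.1.311.10.3.4'    # Encrypting File System
$RecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'  # File Recovery (recovery agent)

# Thumbprint of the certificate EFS currently uses, recorded once this
# profile has encrypted a file. Deleting this value makes EFS mint a fresh
# self-signed certificate on the next encrypt operation; files already
# encrypted still need the old private key, so export that key first.
function Get-EfsCurrentKeyHash {
    $key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'
    $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CertificateHash
    if ($raw) { ($raw | ForEach-Object { $_.ToString('X2') }) -join '' }
}

function Get-EfsCertificate {
    param([string]$StorePath = 'Cert:\CurrentUser\My')
    $currentHash = Get-EfsCurrentKeyHash

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Gather the enhanced key usage OIDs from the certificate extensions
        $ekus = foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }
        if (-not ($ekus -contains $EfsOid -or $ekus -contains $RecoveryOid)) { continue }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)  # issued by the workstation itself
            ChainTrusted  = $cert.Verify()                    # false for a self-issued cert
            HasPrivateKey = $cert.HasPrivateKey               # without it you cannot decrypt
            Role          = if ($ekus -contains $RecoveryOid) { 'Recovery agent' } else { 'User EFS' }
            InUseByEfs    = ($cert.Thumbprint -eq $currentHash)
            NotAfter      = $cert.NotAfter
            Thumbprint    = $cert.Thumbprint
        }
    }
}

Get-EfsCertificate | Format-List
```

Run it in the user's own session, since both the Personal store and the EFS registry key are per user. SelfSigned true and ChainTrusted false together is the normal state on a standalone workstation, not a fault; what decides whether files can be opened is HasPrivateKey on the certificate whose thumbprint the files were encrypted under.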

 
 
 

EFS - Encrypted File System

Post by Paul Adar » Sat, 26 Feb 2000 04:00:00




> Right, But I currently don't have any certificates in there.

> In order to verify how the system was working and verify my security, I
> deleted my certificate after making a backup.

> I can still read the encrypted files, even though there are no certificates
> in there for me as a user.

> Why do I still have access to those encrypted files?

Because the certificate you deleted is for the recovery agent. The info
for the user is stored in the protected storage section of the registry.
You should have a look at the relevant white papers from the MS site.

Also, please try to pick a topical group for your posts rather than
using the shotgun effect...

<follow-ups to .security>

--
Paul Adare
MCT News Group Manager
If you can read this sign, you can obtain good work in busy and
fruitful Latin affairs!

 
 
 

EFS - Encrypted File System

Post by Stargat » Tue, 29 Feb 2000 04:00:00


If you delete the certificate though, the information is still in Protected
storage, How do you remove this information from protected storage and start
over?

Can you use certificates from Verisign or Thawte?

Can the workstation itself create new certs?




> > You already have another person with the ability to recover the
> > files (Encryption Recovery Agent) - Administrator :) with his generated
> > certificate.
> > BTW you CANNOT use Thawte certificate because it does not have
> > appropriate key usage in certificate.

> The default recovery agent isn't always administrator: if you
> create an additional user account through the logon wizard when
> Windows 2000 Professional boots for the first time (on a
> standalone system) and the first logon is to that account, it
> will be the recovery agent.

> --

> Luc VdV (MCP, MVP) - http://gallery.uunet.be/lucvdveken/
> Subtract a hundred and eleven to get my real e-mail address.
> These groups were created as a source of support for you - questions
> that arrive in my mailbox will *always* remain unanswered (sorry).

 
 
 

EFS - Encrypted File System

Post by Luc Van der Veke » Tue, 29 Feb 2000 04:00:00



> If you delete the certificate though, the information is still in Protected
> storage, How do you remove this information from protected storage and start
> over?

Your question is not clear to me.  There's a default recovery
agent who can decrypt your files (see earlier posts in this
thread) if you lose your certificate - is that it?

> Can you use certificates from Verisign or Thawte?

Start an empty MMC, and add the certificates snap-in (let's say
for local machine).  Open the tree Certificates (local Computer)
/ Trusted root certificates / Certificates, and you'll see a list
of 106 trusted certificate providers.  Thawte and Verisign are
both in the list.

> Can the workstation itself create new certs?

You need a certification authority to contact, AFAIK there is
none you can install on Pro.

--

Luc VdV (MCP, MVP) - http://gallery.uunet.be/lucvdveken/
Subtract a hundred and eleven to get my real e-mail address.
These groups were created as a source of support for you - questions
that arrive in my mailbox will *always* remain unanswered (sorry).
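
Putting the thread's advice together (save your own certificate, give a second identity the ability to recover the files, and do it without any CA on the network), here is an added PowerShell example; it is not from the original thread or from Microsoft documentation. It assumes a build of cipher.exe that has the /r, /adduser and /c switches (Windows Vista and later; the Windows 2000 tool offers only the encrypt, decrypt and list switches), and the paths are placeholders. Note that cipher /adduser grants a certificate decrypt rights on individual files; it does not make that certificate the policy-wide recovery agent Luc describes, which on a standalone machine is configured under Local Security Policy.

```powershell
# Added example (not from the original thread). Paths below are placeholders.
# 1. Back up the current user's EFS certificate with its private key.
# 2. Create a recovery-agent key pair locally, with no CA involved.
# 3. Grant that certificate decrypt rights on existing encrypted files.
# 4. Verify which certificates can now open a file.
# Requires cipher.exe with /r, /adduser and /c (Windows Vista and later).
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'        # Encrypting File System EKU
$BackupDir = 'E:\efs-backup'                 # placeholder: removable media, not the encrypted volume
$Target    = 'C:\Users\stargat\Documents'    # placeholder: tree holding the encrypted files

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Export your own EFS certificate and private key as a PFX. Without this a
#    rebuilt profile cannot read the files, whatever the recovery agent does.
$efsCert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $efsCert) { throw 'No EFS certificate with a private key in Cert:\CurrentUser\My' }
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the exported PFX'
Export-PfxCertificate -Cert $efsCert -FilePath (Join-Path $BackupDir 'my-efs.pfx') `
    -Password $pfxPassword | Out-Null

# 2. Generate a recovery-agent certificate and key on this workstation.
#    cipher prompts for a password and writes recovery.cer and recovery.pfx.
$recoveryBase = Join-Path $BackupDir 'recovery'
cipher.exe "/r:$recoveryBase"

# 3. Embed the recovery certificate's public key in every encrypted file
#    under $Target. The user running this must already be able to decrypt them.
$recoveryCer = "$recoveryBase.cer"
$encrypted = Get-ChildItem -Path $Target -Recurse -File |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }
foreach ($file in $encrypted) {
    cipher.exe /adduser "/certfile:$recoveryCer" $file.FullName | Out-Null
}

# 4. Verify: /c lists the user and recovery certificates that can decrypt a file.
if ($encrypted) { cipher.exe /c $encrypted[0].FullName }
```

Keep recovery.pfx (the private half) off the machine and hand it only to the person who should be able to recover files; they import it when needed. The .cer is the public half and is all that gets written into the files. my-efs.pfx is the backup the original poster said he made by hand, and it is the file that lets the same user read old data after the profile or the certificate store is wiped.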

 
 
 
