Microsoft EFS

Secure Home | Search | About

Lost Password?

Microsoft Applications Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Microsoft EFS

mohan

09-20-2006

Re: Microsoft EFS

Paul Adare

09-20-2006

Posted by mohan on September 20, 2006, 9:55 am

If you were Registered and logged in, you could reply and use other advanced thread options

Hi

Few questions on EFS.

1) XP in domain environment. Can I copy the encypted EFS folder
to my portable USB drive? The drive is NTFS format. I know I can't if
the external drive is FAT/FAT32. What about NTFS?

2)If I have encrypted EFS folder, and I backup to tape and store for
one year.
When I restore the folder from tape a year later Can I still read -
decrypt the folder ?
The password I am using now is definitely different for my password a
year ago... so how?
Since the EFS encrypted folder was archived to tape no longer on my
machine, then it will not get updated (I understand for EFS the key to
decrypt is tied to my password) when I change my password.

Any MS expert around to help??

Thanks.

Posted by Paul Adare on September 20, 2006, 10:07 am

If you were Registered and logged in, you could reply and use other advanced thread options

In article <1158760542.428980.69490
@h48g2000cwc.googlegroups.com>, in the
microsoft.public.security news group, mohan <bluetooth995
@gmail.com> says...

> Hi

> Few questions on EFS.

> 1) XP in domain environment. Can I copy the encypted EFS folder

> to my portable USB drive? The drive is NTFS format. I know I can't if

> the external drive is FAT/FAT32. What about NTFS?

You can copy the folder regardless of the file system. If
the destination drive is NTFS, the encryption will be
maintained, if the destination is FAT/FAT32, the copy will
be decrypted.

> 2)If I have encrypted EFS folder, and I backup to tape and store for

> one year.

> When I restore the folder from tape a year later Can I still read -

> decrypt the folder ?

Assuming that you still have access to the certificate and
keys that were used for the initial encryption, then yes.

> The password I am using now is definitely different for my password a

> year ago... so how?

> Since the EFS encrypted folder was archived to tape no longer on my

> machine, then it will not get updated (I understand for EFS the key to

> decrypt is tied to my password) when I change my password.

You don't understand how this works. The encryption is not
tied to your password, and encrypted files do not get
updated when your password changes. Access to the key used
for encryption is protected by your password (really
simplifying how this actually works here, check out DPAPI
on the Microsoft web site for details). As above, as long
as you still have access to the key used you can decrypt.

--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a
joke--or a lie. How lucky Adam was. He knew when he said a
good thing, nobody had said it before. Adam was not alone
in the Garden of Eden, however, and does not deserve all
the credit; much is due to Eve, the first woman, and Satan,
the first consultant." - Mark Twain

Similar Threads	Posted
Microsoft Takes on Google and Yahoo with Microsoft Adcenter and Adlabs	May 7, 2007, 4:14 pm
Microsoft copy-cat - comments from Microsoft staff requested.	October 29, 2008, 6:22 am
The Microsoft Internet Explorer Weblog The Microsoft Internet Explorer Weblog IEBlog	June 4, 2007, 5:52 pm
Re: Can Microsoft be trusted?	October 4, 2005, 3:06 am
Re: Can Microsoft be trusted?	October 4, 2005, 7:15 am
Re: Can Microsoft be trusted?	October 5, 2005, 12:02 pm
Got this message from Microsoft	May 5, 2006, 5:24 pm
Microsoft CA query	December 14, 2006, 12:11 am
Microsoft or virus?	December 25, 2006, 12:47 am
Email from Microsoft (?)	May 17, 2007, 3:17 am

The site map in XML format XML site map