Re: NTFS File Encryption Question



Al Dykes wrote:
> In article <a7no51p189d8qimdbdlqhsjh1r3sre09ba@xxxxxxx>,
> NobodyMan <none@xxxxxxxx> wrote:
>> I am certainly no expert on EFS and the XP implementation, but I do
>> know it is tied to the SID of the user account in question. I
>> strongly suspect that when you move the USB drive to the notebook,
>> then import the certificates, it won't decrypt them because the SIDs
>> on the two accounts don't match. They can't and never will.
>
> That doesn't sound right. If you export the keys to a floppy as a
> disaster contingency plan the next machine you use the key on will
> never have the same SID.


Correct.

Read up on encryption here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

NTFS file encryption is not for the faint of heart. You take a risk when you
encrypt. There is NO back door to get your files back if you find yourself
in a situation where you can't access them. You must have a valid private
key and certificate, and best to have a designated recovery agent.

Remember, encryption is only as good as the password you have assigned to
your account. It runs transparently. If someone wants at your files, and can
figure out your password, then it does no good...

It can be easy to have files encrypted, and without thinking you do a
reformat, or find yourself in a disaster situation and have to reformat,
only to find you can no longer access those important files you have
encrypted. Or you find yourself in a situation where suddenly your user
profile has become corrupt...

I keep my private key and certificate separate, on both a floppy and a CD-R,
and put away in a safe place.
I really probably don't need to use encryption, but I am paranoid and if my
system should get stolen, or someone get access to it without my knowledge,
I do not want them to easily be able to get to important personal
information, like my financial files. But I realize, even with the
precautions I take, I still run a risk of loss if I screw up, which can
happen!

So if you really believe you need encryption, and accept the risk, I
strongly suggest to do a lot of reading on it, then encrypt some
non-important files, and test them, before encrypting your important files that
you can't do without.

Don Burnette






