Re: EFS Access
- From: "Martin v. Löwis" <martin@xxxxxxxxxxx>
- Date: Tue, 13 Jun 2006 08:51:39 +0200
Mark St. Laurent wrote:
Is there any way to set up EFS so that only users granted specific rights can
access the encrypted files, including system administrators? And, if the
rights were set up in this way, would the Backup Operators group still be
able to access the files to back them up?
The whole point of EFS is that only selected users can read the content
of the file, and that not even system administrators can "get" to the
content; the only exception is the recovery agent, if a recovery agent
is installed.
EFS only protects the content of the file, other operations, such as
listing file attributes, renaming or removing the file are not protected
by EFS.
As a special case, the Backup Operators can open the file *for backup*.
They will be able to backup the file, but still not find out what the
content is, i.e. they will backup the encrypted data as-is. This
requires that the backup program being used indeed opens the file
*for backup*; if a backup operator tries to open the file in the
regular way, they still cannot get to the content.
Regards,
Martin
.
- Prev by Date: RE: Unable to Change Folder Security from Workstation
- Next by Date: Re: Error 1607: I don't seem to have an install engine?!?!
- Previous by thread: RE: Unable to Change Folder Security from Workstation
- Next by thread: volume locking
- Index(es):
Relevant Pages
|
Loading
