|
Home > Archive > 70-210 > February 2001 > Efs
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| trebor 2001-02-20, 4:56 am |
| According to http://windows.microsoft.com/windows2000/en/server/help,
"EFS Best Practices"
"Encrypted files can become decrypted if the user
copies or moves the file to a FAT volume."
My question is - wouldn't that mean that all I have to do is move someones encrypted file to a FAT volume to have access to it?
Where am I going wrong here?
Trebor | |
|
| my understanding is that only the creator of the files will have the ability to move them to a floppy or non-NTFS drive...all other users would receive an error..the only way to decrypt the files is to use and EFS Recovery Agent | |
|
| Basically only the User who created the encrypted file or Users who are designated as a Recovery Agent can move or copy that encrypted file to another NTFS partition or to a FAT or FAT32 volume.
If a User who did not create the encrypted file attempts to copy that file they will receive an Access Denied message.
However, if I remember right, a User who did not create the encrypted file can move that file to a different folder located on the SAME NTFS partition.
Anyone else want to chime in on this? | |
|
| quote:
Originally posted by Spid
Basically only the User who created the encrypted file or Users who are designated as a Recovery Agent can move or copy that encrypted file to another NTFS partition or to a FAT or FAT32 volume.
If a User who did not create the encrypted file attempts to copy that file they will receive an Access Denied message.
However, if I remember right, a User who did not create the encrypted file can move that file to a different folder located on the SAME NTFS partition.
Anyone else want to chime in on this?
You are correct. A user (other than administrator and creator owner) can move an encrypted file to another folder on the same NTFS partition. The user can move the file all day, but will still receive an "access denied" message at the end of the day. I'm pretty sure that Microsoft would have known about that if it were that simple to access an encrypted file.  |
|
|
|
|