| Author |
Spid's Mon (11/11) Win2k Pro. QoD
|
|
|
| Seeing that we had so much fun with the last EFS question, here's another one 
Slinky has used EFS on his Windows 2000 computer to encrypt a file that contains sensitive beer receipe ingredients. Slinky's computer belongs to the domain that you administer.
Slinky got really ticked off one day and left the company. In his haste to leave, he forgot to delete the encrypted file on his system.
Deja has been hired to replace Slinky. You must enable Deja to access the contents of the encrypted file.
Which of the following should you, as the network admin guru, do? (Select the best choice)
A. Logon to Slinky's system by using the local Administrator account and decrypt the file.
B. Assign Deja the Take Ownership permission for the file and let him take ownership.
C. Back up the encrypted file, restore the backup on your computer, and decrypt the file.
D. Copy the encrypted file to a diskette.
Good luck and see you tomorrow for the answer!! | |
| enforcer 2002-11-11, 8:41 am |
| seeing as deja has been hired to replace slinky i would go with E. rename slinkys account for deja to use.
however seeing as that's not an option
C | |
| Deja-vue 2002-11-11, 9:29 am |
| agree with enforcer... E would have been a easy way out. but C it would be.
BTW, i could never fully replace Slinky. | |
| NetChild1985 2002-11-11, 9:41 am |
| 
C | |
| hlang 2002-11-11, 10:28 am |
| C | |
| soccer4net 2002-11-11, 11:17 am |
| I say F why bother backing up the file? Why not just decrypt it directly since you have domain admin rights. | |
| sadawson1 2002-11-11, 11:26 am |
| I would say G, the Microsoft way. Reboot, if still can't access file then format and re-install. YOu will then have no encrypted files to worry about. | |
| Slinky 2002-11-11, 1:25 pm |
| C. | |
| namrak 2002-11-12, 2:26 am |
| Have to go with answer (C) as well. | |
| hazz_bin 2002-11-12, 5:34 am |
| I'm going to stick my neck out and go with A. | |
|
| quote:
Originally posted by Spid
Seeing that we had so much fun with the last EFS question, here's another one
Slinky has used EFS on his Windows 2000 computer to encrypt a file that contains sensitive beer receipe ingredients. Slinky's computer belongs to the domain that you administer.
Slinky got really ticked off one day and left the company. In his haste to leave, he forgot to delete the encrypted file on his system.
Deja has been hired to replace Slinky. You must enable Deja to access the contents of the encrypted file.
Which of the following should you, as the network admin guru, do? (Select the best choice)
A. Logon to Slinky's system by using the local Administrator account and decrypt the file.
B. Assign Deja the Take Ownership permission for the file and let him take ownership.
C. Back up the encrypted file, restore the backup on your computer, and decrypt the file.
D. Copy the encrypted file to a diskette.
Good luck and see you tomorrow for the answer!!
And the answer is....C
For EFS to work, an EFS recovery policy must be defined. By default, the Administrator account on the first domain controller installed in the domain becomes an EFS recovery agent for the domain.
After Slinky leaves, you have two viable options to provide Deja with access to Slinky's encrypted file.
1) You can reset the password on his domain user account and let Deja use that account to logon to Slinky's computer.
2) You can back up the file to your computer where your EFS certificate is installed, restore the backup and decrypt the file.
Note - The local Administrator account on Slinky's computer can not decrypt the file because when Slinky was encrypting the file, the computer belonged to the domain. The Administrator of the first domain controller in the domain is used as a recovery agent. | |
|
|
|
|
| namrak 2002-11-12, 2:51 pm |
| LOL!
I got the stick not too long ago heh heh. | |
| hazz_bin 2002-11-13, 2:38 am |
| Owww! Hey! Ouch! Whaddya doin? Oww!!
Yes, I deserve the thrashing. This is what happens from not actually doing it in the real world but relying on the book. My misunderstanding was with who got the certificate. In my Osborne/Syngess book, it seemed to say the Administrator account when the PC is set up, any PC not just the DC. I took that to mean that the Administrator account on Slinky's PC already had Recovery Agent status. If I had taken the time and effort to actually do it, perhaps my head would not be so sore right now. I promise I'll do better next time Mr. Spid. | |
|
|
You guys are too funny! |
|
|
|