| Author |
Mon W2K Professional Question of the Day
|
|
| wbafrank 2002-04-08, 12:44 pm |
|  And today's poser is ....
Q74. Who has the ability to open a file that was encrypted using the Windows 2000 Encrypted File System (EFS)? (Choose all that apply)
A. The user that encrypted the file
B. Domain Administrators
C. Power Users
D. Administrators
Good Luck .... see you tomorrow for the answer!! | |
|
|
| Pavlov 2002-04-08, 1:17 pm |
| I'll second that A and raise you a B
Going with A & B | |
| cyrano duh 2002-04-08, 1:27 pm |
| I've got to fess up here and say I'm not at all sure. But after reading the "help" files on encryption, I will hesitantly go for A only. I think the Domain Administrator and the administrator are recovery agents but only the person who encrypted the file can open it. | |
| anngra 2002-04-08, 1:27 pm |
| I think its A& D as well | |
| denis_baribeau 2002-04-08, 1:40 pm |
| I would have to say ( A ) only
B,C,D could but only ( IF )other condition apply that I dont see in the question.
This one is debatable.I'll learn on this one. | |
| TxBear 2002-04-08, 1:51 pm |
| I'll say A | |
|
| My answer will be "A"
 | |
| dillinger 2002-04-08, 2:02 pm |
| Well I would have to say A+B Because EFS allows recovery agents to configure public keys that are used to recover encrypted data if a user leaves the company.
The recovery policy is under the control of the domain administrator
Good luck. | |
| mrfixit 2002-04-08, 2:45 pm |
| Have to go with A and B on this one! | |
| Teck Shark 2002-04-08, 3:58 pm |
| So the answer is A !
Recovery agents can "decrypt" files for you. | |
| mrfixit 2002-04-08, 4:10 pm |
| Should have "read" the question, instead of "reading" into it!
The correct answer is A! | |
|
| I'd say A.
D looks plausible...
but is an administator a recovery agent. | |
| robertmillar 2002-04-08, 4:41 pm |
| A | |
| claudio rivas 2002-04-08, 6:09 pm |
|  I didn't read the question properly
A. The user that encrypted the file. CORRECT
This user is the creator owner
The ADMINISTRATOR and the DOMAIN ADMINISTRATORS could decrypt the file too.
I have two questions...
taking a look at the group policy i have seen that only the Administrator is on the Recovery Agents and i don't know how to add a local user or another user member of the Administrators, the users need to be certified to add to the Recovery Agents, how do i certify a user? and, Could be only aggregated to the Recovery Agents the users in Active Directory or could the local users be added too?. | |
| IT 1588 2002-04-08, 8:20 pm |
| A is the answer. | |
| Jazebel 2002-04-08, 8:57 pm |
| quote:
Originally posted by cyrano duh
I've got to fess up here and say I'm not at all sure. But after reading the "help" files on encryption, I will hesitantly go for A only. I think the Domain Administrator and the administrator are recovery agents but only the person who encrypted the file can open it.
Certainly A, the keyword here is open | |
| Tech Ranger 2002-04-08, 9:43 pm |
| The user can open it. A recovery agent can decrypt it AND can open it if he has proper permissions. Without knowing the ACL of the file, I would have to say only "A". | |
| mcdoud 2002-04-08, 11:43 pm |
| A, B, D
In a domain, Domain Administrators are the default recovery agents.
Outside of the domain, the Administrator is the default recovery agent (eg logged in locally or workgroup). | |
| calidog 2002-04-09, 4:48 am |
| I would go with A. | |
|
|
| NetChild1985 2002-04-09, 6:05 am |
| "A"! | |
| sharnsharn 2002-04-09, 8:03 am |
| i will go for a because there is a defferance in a recovbery agent the only person that can open a file that is encrepted is the person who did it if the person had left the company then that's were the recovery agent will come in remember that is the only person that can perform that job therefore answers b,c,d are incorrect | |
|
|
| peacefrg 2002-04-15, 10:43 am |
| definately A...B and D can also be correct depending on whether or not the workstation is part of a domain or not. If it is attached to the domain, then domain admins may also open an encrypted file. If they are not attached to the domain, then by default, the local administrators account becomes the default recovery agent and therefore may also open the encrypted file. In Win2K, you MUST have a recovery agent defined in order to use the EFS. In WinXP, they have removed this requirement. | |
| mmowdy 2002-04-15, 1:09 pm |
| The only answer is A...
With EFS, the only people that can access the encrypted file are the file owner/creator and the ecrypted data recovery agent...
The recovery agent is assigned by the Enterprise Administrator in a network. |
|
|
|