| Author |
Reference Mondays Question of Day.
|
|
| cyrano duh 2002-04-09, 2:03 pm |
| I have a question - This was originally posted by wbafrank as Mondays Question of the Day ....
Q74. Who has the ability to open a file that was encrypted using the Windows 2000 Encrypted File System (EFS)? (Choose all that apply)
A. The user that encrypted the file
B. Domain Administrators
C. Power Users
D. Administrators
Correct Answers: A
Only the user that encrypts a file will be able to open it. However, recovery agents will be able to recover the file in the event that the user that encrypted it loses his/her file encryption certificate. The administrator of the local computer is the default recovery agent unless you are in a domain environment. In a domain environment, the domain administrator is the default recovery agent.
__________________
My Question is this .......... If only the user that encrypted the file can open it, what happens if the user leaves the company under a dark cloud and does not decrypt? We know that the Domain Administrator and the Administrator can act as recovery agents but does this mean that they can open the file too? | |
| Teck Shark 2002-04-09, 2:26 pm |
| quote:
Originally posted by cyrano duh
I have a question - This was originally posted by wbafrank as Mondays Question of the Day ....
Q74. Who has the ability to open a file that was encrypted using the Windows 2000 Encrypted File System (EFS)? (Choose all that apply)
A. The user that encrypted the file
B. Domain Administrators
C. Power Users
D. Administrators
Correct Answers: A
Only the user that encrypts a file will be able to open it. However, recovery agents will be able to recover the file in the event that the user that encrypted it loses his/her file encryption certificate. The administrator of the local computer is the default recovery agent unless you are in a domain environment. In a domain environment, the domain administrator is the default recovery agent.
__________________
My Question is this .......... If only the user that encrypted the file can open it, what happens if the user leaves the company under a dark cloud and does not decrypt? We know that the Domain Administrator and the Administrator can act as recovery agents but does this mean that they can open the file too?
Good question. A recovery agent can decrypt files. Once the file is decrypted, any user with permissions to read that file can access it. Also, encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volumes.
Hope that helps! | |
| cyrano duh 2002-04-09, 2:33 pm |
| So, are we now saying that the answer should have been A; B; and D? | |
| Teck Shark 2002-04-09, 2:42 pm |
| quote:
Originally posted by cyrano duh
So, are we now saying that the answer should have been A; B; and D?
No, because the question is asking "who can open an encrypted file?" Only the user that encrypted that file can open it. The only way a recovery agent can open that file is if they decrypt it.
Check out this link for more info.
http://www.microsoft.com/windows200...pt_overview.htm | |
| cyrano duh 2002-04-09, 2:46 pm |
| Got it! Cheers. | |
|
| Good question cryrano.
Nice explanation Teck Shark.
Cheers! | |
| wbafrank 2002-04-09, 9:55 pm |
| Teck Shark thank you for clarifying this. |
|
|
|