BEWARE: File Encryption on XP/PRO


DelJo63

XP/Pro users have the ability to encrypt files and directories using the Encrypted File System (EFS).
You should think TWICE about this before you act!

For various reasons, you may lose the ability to decrypt your data, and therefore,
while it is still present on the disk, it is effectively the same as being deleted!

Home users (i.e. those without a Domain Controller) should NOT use the EFS feature
without understanding the Recovery Agent and how to backup and recover
the certificate.

details:
Code:
Master Key Storage and Security

The Data Protection API automatically encrypts the user’s master key or keys. 
Master keys are stored in the user profile under 
RootDirectory\Documents and Settings\username\Application Data\Microsoft\Protect. 
For a domain user who has a roaming profile, the master key is located in the 
user’s profile and is downloaded to the user’s profile on the local computer 
until the computer is restarted.

While the user is logged on, when a master key is not being used for a 
cryptographic operation, it is encrypted and stored on disk. Before master 
keys are stored, they are 3DES-encrypted using a key derived from the user’s 
password. When a user changes his or her logon password, master keys are 
automatically unencrypted and re-encrypted using the new password.

Master Key Loss and Data Recovery

If a [U][B]logon password is forgotten or if an administrator resets a user password[/B][/U], 
the user’s master keys become inaccessible. Because the decryption key is 
derived from the user’s password, the system is unable to decrypt the master 
keys. Without the master keys, EFS-encrypted files are also inaccessible to 
the user and can be recovered only by a data recovery agent, if one has 
been configured, or through the use of a password reset disk (PRD), 
if one has been created.

Changing your login profile or reinstalling XP/Pro also has the same effect!
 
For more information, [b]see article 290260[/b], 
“EFS, Credentials, and Private Keys from Certificates Are Unavailable After a Password Is Reset,” 
in the Microsoft Knowledge Base at http://support.microsoft.com.

PLEASE see the article to create a Recovery Agent

This MS article has the File Encryption Documentation
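As an added example (not part of the post above, and not Microsoft's own script), here is the sequence a home XP/Pro user would run from a command prompt to take the post's advice: list what is encrypted, back up the user's own EFS certificate and private key, create a Data Recovery Agent key pair, register it, and then re-stamp existing encrypted files so the agent can actually open them. Assumptions: the `/X` switch of cipher.exe is present (it ships with XP SP2 and later; on an older service pack export the certificate from certmgr.msc instead), `E:\efs-backup` is a placeholder for removable media, and the `efs-ra` file names are placeholders chosen for this example.

```batch
@echo off
rem Added example, not the original poster's or Microsoft's script.
rem Assumes XP Pro SP2+ (cipher.exe with /X), and that E:\efs-backup is
rem removable media that will be stored away from the machine.
rem Run steps 1-2 as the user whose files are encrypted; steps 3-5 need an
rem account in the local Administrators group.

rem 1. List every EFS-encrypted file on the local drives without touching it,
rem    so you know what is at stake before doing anything else (/N = list only).
cipher /u /n

rem 2. Export the current user's EFS certificate AND private key to a .pfx.
rem    cipher prompts for a password that protects the .pfx; that password is
rem    all that protects the key if the file is stolen, so choose it well.
rem    Output file: E:\efs-backup\<username>-efs.pfx (placeholder path).
cipher /x "E:\efs-backup\%USERNAME%-efs"

rem 3. Generate a recovery-agent key pair. Writes efs-ra.cer (public part, the
rem    one that gets registered as the agent) and efs-ra.pfx (private key,
rem    protected by the password you are prompted for). Keep the .pfx offline;
rem    whoever holds it can decrypt every file the agent covers.
cipher /r:"E:\efs-backup\efs-ra"

rem 4. Register efs-ra.cer as the Data Recovery Agent. On a standalone XP Pro
rem    box this is a GUI step in Local Security Policy:
rem      secpol.msc -> Public Key Policies -> Encrypting File System
rem      -> right-click -> Add Data Recovery Agent -> Browse Folders -> efs-ra.cer
rem    Only the .cer is imported, so the machine never holds the recovery
rem    private key. Then refresh the policy so EFS sees the new agent:
gpupdate /force

rem 5. Files encrypted BEFORE the agent existed carry no recovery field for it.
rem    /U rewrites the EFS metadata of every encrypted file on local drives so
rem    the new agent (and the current user key) can decrypt them.
cipher /u
```

The order matters: step 5 is the one people skip, and without it a recovery agent added after the fact cannot open the files that were already encrypted. After the run, the two .pfx files on `E:\efs-backup` are what stand between a reset password (or a reinstall) and permanently unreadable data, so test them once by importing the user .pfx on a scratch profile before relying on them.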
 