The upgrade comes with a key flaw
When Microsoft released Encrypting File System (EFS) as part of Windows 2000, the company touted EFS as an easy-to-use solution to the problem of protecting confidential documents on stolen laptops. However, users soon discovered a serious weakness in Win2K that rendered EFS effectively useless on Win2K computers that were part of a workgroup rather than part of a Windows NT or Active Directory (AD) domain. In Windows XP, Microsoft provides a solution to this problem. However, as is often the case with Microsoft products, the solution doesn't quite work the way the documentation states it should. Before you start using XP's EFS in your environment, you need to know how EFS data recovery has changed in XP, and you need to understand a key flaw in EFS's new password reset disk feature.
The Win2K EFS Problem
Let's start with a little Win2K EFS background. When you right-click a file in Windows Explorer, select Properties, and click Advanced on the Properties dialog box's General tab, you see the Encrypt contents to secure data check box. When you select this check box, Win2K generates a symmetric file encryption key (FEK) and uses this FEK to encrypt the file. Win2K then uses your EFS certificate's public key (the certificate and its private key reside in your user profile) to encrypt the FEK and stores the encrypted FEK with the file. Therefore, the FEK protects the file, and your EFS certificate's private key protects the FEK. But what's protecting your EFS certificate's private key? Simply put, your ability to log on protects your private key. In light of that answer, you might think that Win2K uses your password to encrypt the private key. However, in Win2K, an administrator can reset your password without affecting your ability to access your encrypted files. Although this administrative capability is beneficial in terms of forgotten passwords, it creates a significant vulnerability on workgroup computers, that is, computers that aren't members of a domain: anyone with local administrator rights can reset your password, log on as you, and read your encrypted files. . . .
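The following Python script is an added illustration of the key hierarchy just described; it is not Windows code and not part of the original article. Textbook RSA and an HMAC-based stream cipher stand in for the real EFS algorithms, and the account store, password derivation, and function names are assumptions made for the demo. It models two ways of protecting the user's private key: the escrow mode mirrors the Win2K workgroup behaviour the article describes (whoever can log on, with whatever password is currently set, gets the key), while the password-bound mode shows the opposite design, in which an administrator's reset locks the user out of the encrypted files, which is the trade-off that makes a separate recovery path such as a password reset disk necessary.

```python
"""Toy model of the EFS key hierarchy: file <- FEK <- user's public key,
private key <- whatever protects the user profile. Illustrative only."""
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 50_000  # assumption for the toy password-derived wrap key


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin; adequate for a demo key, not for production use."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keypair(bits=512):
    """Return ((n, e), (n, d)). Small, unpadded RSA for illustration only."""
    e, half = 65537, bits // 2
    while True:
        p = q = 0
        while not _is_probable_prime(p):
            p = secrets.randbits(half) | (1 << (half - 1)) | 1
        while not _is_probable_prime(q) or q == p:
            q = secrets.randbits(half) | (1 << (half - 1)) | 1
        phi = (p - 1) * (q - 1)
        if phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def stream_xor(key, nonce, data):
    """HMAC-SHA256 in counter mode as a stand-in symmetric cipher (toy)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def efs_encrypt(plaintext, user_pub):
    """A fresh FEK encrypts the file; the FEK, wrapped under the user's public
    key, is stored next to the ciphertext, as the article describes."""
    n, e = user_pub
    fek, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    return {"nonce": nonce, "ct": stream_xor(fek, nonce, plaintext),
            "wrapped_fek": pow(int.from_bytes(fek, "big"), e, n)}


def efs_decrypt(blob, user_priv):
    n, d = user_priv
    fek = pow(blob["wrapped_fek"], d, n).to_bytes(32, "big")
    return stream_xor(fek, blob["nonce"], blob["ct"])


def _verifier(password, salt):
    return hashlib.sha256(salt + password.encode()).digest()


def create_account(password, user_priv, bind_to_password):
    """Wrap the private exponent d under a key-protection key.
    bind_to_password=False: wrap key is held by the machine (escrow), independent
    of the password, so it opens for whoever can log on (Win2K workgroup model).
    bind_to_password=True: wrap key is derived from the password itself."""
    n, d = user_priv
    salt = secrets.token_bytes(16)
    if bind_to_password:
        wrap_key, escrow = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS), None
    else:
        wrap_key = escrow = secrets.token_bytes(32)
    d_bytes, d_nonce = d.to_bytes(64, "big"), secrets.token_bytes(16)
    return {"salt": salt, "verifier": _verifier(password, salt), "n": n, "escrow": escrow,
            "bound": bind_to_password, "d_nonce": d_nonce,
            "wrapped_d": stream_xor(wrap_key, d_nonce, d_bytes),
            "d_tag": hmac.new(wrap_key, d_bytes, hashlib.sha256).digest()}


def admin_reset_password(acct, new_password):
    """A local administrator resets the password without knowing the old one.
    Only the logon verifier changes; the wrapped private key is untouched."""
    acct["verifier"] = _verifier(new_password, acct["salt"])


def logon_and_unlock(acct, password):
    """Log on, then try to unwrap the private key with what this logon yields."""
    if not hmac.compare_digest(acct["verifier"], _verifier(password, acct["salt"])):
        raise PermissionError("logon failed")
    wrap_key = (hashlib.pbkdf2_hmac("sha256", password.encode(), acct["salt"], PBKDF2_ROUNDS)
                if acct["bound"] else acct["escrow"])
    d_bytes = stream_xor(wrap_key, acct["d_nonce"], acct["wrapped_d"])
    if not hmac.compare_digest(acct["d_tag"], hmac.new(wrap_key, d_bytes, hashlib.sha256).digest()):
        raise PermissionError("private key does not unwrap under the current password")
    return acct["n"], int.from_bytes(d_bytes, "big")


def attacker_reads_file_after_reset(bind_to_password):
    """Local admin resets the victim's password, logs on as the victim and opens
    the file. Returns the plaintext if the attack works, None if it does not."""
    pub, priv = rsa_keypair()
    acct = create_account("victim-pass", priv, bind_to_password)
    blob = efs_encrypt(b"confidential: Q3 numbers", pub)  # constructed sample file
    admin_reset_password(acct, "attacker-pass")
    try:
        return efs_decrypt(blob, logon_and_unlock(acct, "attacker-pass"))
    except PermissionError:
        return None


if __name__ == "__main__":
    print("Win2K workgroup model:", attacker_reads_file_after_reset(False))
    print("password-bound model: ", attacker_reads_file_after_reset(True))
```

The point the model makes is the one the paragraph makes: the RSA wrapping of the FEK is sound in both modes, so the weakness is not in the file format but in what stands between an attacker and the private key. When that is only "being logged on as the user", any local administrator who can reset the password is in.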