Someone with ample access to an AD Integrated CA can issue themself a Recovery Agent cert which will decrypt EFS stuff that they don't already have access to. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132
________________________________ From: [EMAIL PROTECTED] on behalf of steve patrick Sent: Wed 1/25/2006 10:14 AM To: [email protected] Subject: Re: [ActiveDir] OT: Encrypting shared folders Interesting viewpoint Joe, Care to expand on this specific to EFS? steve ----- Original Message ----- From: "joe" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, January 25, 2006 6:22 AM Subject: RE: [ActiveDir] OT: Encrypting shared folders > One good need for this is to block out server admins from sensitive data > on > servers. In that case, it is probably best to get away from any MS tech > for > the protecting of the data due to the get out of jail cards that are inate > in most MS seurity mechanisms whether we are aware of them or not. > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, January 25, 2006 3:31 AM > To: [email protected] > Subject: RE: [ActiveDir] OT: Encrypting shared folders > > I would ask first - 'why do you think you need to encrypt files, when they > can be protected using NTFS permissions?' > > To enter the land of PGP and/or EFS may imply the need for a PKI which is > a > huge undertaking. > > > neil > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, > CPA > aka Ebitz - SBS Rocks [MVP] > Sent: 24 January 2006 17:11 > To: [email protected] > Subject: [ActiveDir] OT: Encrypting shared folders > > Since there's more big server land people, can you indulge this question? > > What do you do for encrypting files up on a share? > > On standalone devices I use EFS or PGP.com but I've yet to deploy a > "ADaware" network solution. > > Susan > > -- > Letting your vendors set your risk analysis these days? > http://www.threatcode.com > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > PLEASE READ: The information contained in this email is confidential and > intended for the named recipient(s) only. If you are not an intended > recipient of this email please notify the sender immediately and delete > your > copy from your system. You must not copy, distribute or take any further > action in reliance on it. Email is not a secure method of communication > and > Nomura International plc ('NIplc') will not, to the extent permitted by > law, > accept responsibility or liability for (a) the accuracy or completeness > of, > or (b) the presence of any virus, worm or similar malicious or disabling > code in, this message or any attachment(s) to it. If verification of this > email is sought then please request a hard copy. Unless otherwise stated > this email: (1) is not, and should not be treated or relied upon as, > investment research; (2) contains views or opinions that are solely those > of > the author and do not necessarily represent those of NIplc; (3) is > intended > for informational purposes only and is not a recommendation, solicitation > or > offer to buy or sell securities or related financial instruments. NIplc > does not provide investment services to private customers. Authorised and > regulated by the Financial Services Authority. Registered in England no. > 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, > London, EC1A 4NP. A member of the Nomura group of companies. > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
