One of the advertised features of EFS was protection of data in the event of
say a stolen laptop. EFS was supposed to protect against someone throwing
the harddrive into another system that they did have admin access on, and
circumventing the NTFS permissions in that manner.
Again this issue shows that physical security is the underlying trump card.
--------------
>Correct me if I'm wrong, but the use of programs that utilize direct disk
>access (such as DiskProbe) is restricted to the Local Administrator
>account (as per
>http://www.microsoft.com/windows2000/guide/professional/solutions/manageme
>nt.asp). If an would be attacker has this kind of access, he automatically
>has the sufficient power (due to the existence of the recovery agent
>certificate, unless the computer is part of a domain (but that's another
>story) to decrypt any locally stored file.
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
