Venkatasamy,Venkat wrote: > The helpdesk support team will have local admin access in all the > computers. The members will be able to access the profile folders for > all users. In this case, I belive this is a not a secure solution.
Local administrator access in itself, even to the server on which profile directories are stored, is not enough to decrypt the file if you are using an Active Directory domain and your users are logging in via domain accounts. In this scenario, only the user and the encryption administrator (which defaults to the domain's first Administrator account) at the time of the file's original encryption would be able to decrypt the file. Local administrator access via an administrative account other than the default built-in administrator account would also be insufficient where the users are logging into standalone machines with local user accounts, as the encryption administrator on a standalone machine defaults to the built-in local administrator account. While it's not perfect, NTFS encryption does give a reasonable form of protection when used intelligently. There are a number of explanations of this around on the web, as well as a number of Microsoft publications (including the MCP, MCSA, and MCSE training kits for the Windows 2000 Server/Advanced Server and Windows Server 2003 products), that cover this topic quite well. Of course, there is no such thing as unbreakable encryption. Anyone who wants your data will get it with sufficient time, computing power, and determination. John
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Support mailing list [email protected] http://pidgin.im/cgi-bin/mailman/listinfo/support
