1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A problem ....

Discussion in 'Windows Vista / 7 / 8 Client Exams' started by Farrukh, Aug 5, 2005.

  1. Farrukh

    Farrukh Bit Poster

    15
    0
    16
    Hello Everyone

    I think many of you have cleared your XP PRO paper.
    I am preparing for MCSE crtification,
    thinking of giving the exam of XP PRO (70-270) in this month.

    I have a problem which you might be able to solve easily:-

    I have windows XP Pro,
    There re two accounts 1. Administrator, 2. User
    User has created a text file and put it into a folder.
    He has also Encrypted that folder and the administrator wants to read that text file what will he have to do so that the user donot even know about the act of administrator?
    Please Help
     
    WIP: Preparing for MCSE
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Sorry Farrukh I havent had much experience with encrypted files or recovery agents so I'm unable to help you on this one. :rolleyes:
     
  3. Try

    Try Bit Poster

    27
    1
    18
    Hello there,

    think the admin account is a recovery agent by default so he/she should read the file no problem.
     
    Certifications: N+ MCP 210-215
    WIP: MCSA
  4. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Well, as this looks like an attempt to get an answer to a question, not real life experience, I'll just say this: The encryption part of the question I see as a red herring. Hiding the access of the file by the administrator is the main point of the question.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. Farrukh

    Farrukh Bit Poster

    15
    0
    16
    hello

    friends i am not able to decrypt the file created by the user.
    Although i am loging in as an administrator but the message "Access Denied" appear as i try to open the text file.
    help
     
    WIP: Preparing for MCSE
  6. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Have you checked the files security tab to make sure that you have permissions to access the file? 8)
     
  7. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    That's the problem. You are logging in as an administrator. The recovery agent is not any account with administrator privileges. It is the administrator account. Big difference.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  8. Farrukh

    Farrukh Bit Poster

    15
    0
    16
    Hello friends

    how will i be able to find out the permissions on that text file whose owner is the user himself?
    Will i be able to find out the policy through properties and i haven't got the permission to access the file then can i decrypt the file?
    I cannot get Mr.Ffreeloader, what are you trying to say friend
    well administrator account and loging on as administrator are two different things then from them what should i choose to be a default recovery agent

    Help
     
    WIP: Preparing for MCSE
  9. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    What I read in your post was that you were logging as an administrator, or in other words, logging on with a user account that had been given administrator privileges. That is not the same thing as logging on using the administrator account. Only the administrator account itself is given the right to read all encrptyed files. Do you understand the difference now?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  10. Farrukh

    Farrukh Bit Poster

    15
    0
    16
    Got your point friend but i am the administrator and am not still able to decrypt the file.
    Ithink the administrator have to be upgraded as a recovery agent through some process of importing and exporting of certificates.
    the process which i am using is described in the threas"CREATING A RECOVER AGENT" it is also in thic forum.
    I thing i am missing something in that procedure so you might wanna give it a look. Have to go its too late gonna sleep

    Bye see ya tomorrow
     
    WIP: Preparing for MCSE
  11. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    I'm thinking that the question is asking how can the user tell if the recovery agent has accessed the file, what clues might be left? Leads me to think he should copy it first :rolleyes:

    Well unless auditing is turned on for accessing files, which it isn't by default, the only way would be to look at the properties and see if the administrator had taken ownership of the file in order to try and decrypt it. Usually the owner is the creator of the file.



    More info here...

    Another method for data recovery is to use a central recovery workstation in the enterprise. This may be performed by using a backup utility such as ntbackup.exe to perform a raw backup of the encrypted files and then restore those files on a central recovery machine. The DRA private keys may be stored on the recovery machine or imported as necessary. This method is valuable for organizations that maintain a single DRA centrally for recovery.

    Windows XP no longer creates a default DRA on newly installed machines in a workgroup (standalone). This effectively prevents previous offline attacks against the administrator account. Therefore, a DRA must be created manually by a user and installed. To manually create a DRA, the cipher.exe utility must be used.

    CIPHER /R:filename
    /R Generates a PFX and a CER file with a self-signed EFS recovery
    certificate in them.
    filename A filename without extensions
    This command will generate filename.PFX (for data recovery) and filename.CER (for use in the policy). The certificate is generated in memory and deleted when the files are generated. Once the keys have been generated the certificate should be imported into the local policy and the private keys stored in a secure location.


    Even more of this here


    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  12. Farrukh

    Farrukh Bit Poster

    15
    0
    16
    hello friends

    I have done the steps of "Cipher......." and then added arecovery agent and imported the certificates as well but i am still not able to decrypt the file.
    I have defined the fulll steps in my thread "CREATING A RECOVERY AGENT" well you all can read the thread and tell my is there any step i am missing.

    Suppose i have only one machine ,XP PRO is installed on it, having two users on it then if a user encrypts a file can the administrator decrypt that file how?
     
    WIP: Preparing for MCSE

Share This Page

Loading...