A problem ....

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello Everyone

I think many of you have cleared your XP PRO paper.
I am preparing for MCSE crtification,
thinking of giving the exam of XP PRO (70-270) in this month.

I have a problem which you might be able to solve easily:-

I have windows XP Pro,
There re two accounts 1. Administrator, 2. User
User has created a text file and put it into a folder.
He has also Encrypted that folder and the administrator wants to read that text file what will he have to do so that the user donot even know about the act of administrator?
Please Help

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Sorry Farrukh I havent had much experience with encrypted files or recovery agents so I'm unable to help you on this one.

 

Hello there,

think the admin account is a recovery agent by default so he/she should read the file no problem.

 

Well, as this looks like an attempt to get an answer to a question, not real life experience, I'll just say this: The encryption part of the question I see as a red herring. Hiding the access of the file by the administrator is the main point of the question.

 

hello

friends i am not able to decrypt the file created by the user.
Although i am loging in as an administrator but the message "Access Denied" appear as i try to open the text file.
help

 

Have you checked the files security tab to make sure that you have permissions to access the file?

 

That's the problem. You are logging in as an administrator. The recovery agent is not any account with administrator privileges. It is the administrator account. Big difference.

 

Hello friends

how will i be able to find out the permissions on that text file whose owner is the user himself?
Will i be able to find out the policy through properties and i haven't got the permission to access the file then can i decrypt the file?
I cannot get Mr.Ffreeloader, what are you trying to say friend
well administrator account and loging on as administrator are two different things then from them what should i choose to be a default recovery agent

Help

 

What I read in your post was that you were logging as an administrator, or in other words, logging on with a user account that had been given administrator privileges. That is not the same thing as logging on using the administrator account. Only the administrator account itself is given the right to read all encrptyed files. Do you understand the difference now?

 

Got your point friend but i am the administrator and am not still able to decrypt the file.
Ithink the administrator have to be upgraded as a recovery agent through some process of importing and exporting of certificates.
the process which i am using is described in the threas"CREATING A RECOVER AGENT" it is also in thic forum.
I thing i am missing something in that procedure so you might wanna give it a look. Have to go its too late gonna sleep

Bye see ya tomorrow

 

I'm thinking that the question is asking how can the user tell if the recovery agent has accessed the file, what clues might be left? Leads me to think he should copy it first

Well unless auditing is turned on for accessing files, which it isn't by default, the only way would be to look at the properties and see if the administrator had taken ownership of the file in order to try and decrypt it. Usually the owner is the creator of the file.



More info here...

Another method for data recovery is to use a central recovery workstation in the enterprise. This may be performed by using a backup utility such as ntbackup.exe to perform a raw backup of the encrypted files and then restore those files on a central recovery machine. The DRA private keys may be stored on the recovery machine or imported as necessary. This method is valuable for organizations that maintain a single DRA centrally for recovery.

Windows XP no longer creates a default DRA on newly installed machines in a workgroup (standalone). This effectively prevents previous offline attacks against the administrator account. Therefore, a DRA must be created manually by a user and installed. To manually create a DRA, the cipher.exe utility must be used.

CIPHER /R:filename
/R Generates a PFX and a CER file with a self-signed EFS recovery
certificate in them.
filename A filename without extensions
This command will generate filename.PFX (for data recovery) and filename.CER (for use in the policy). The certificate is generated in memory and deleted when the files are generated. Once the keys have been generated the certificate should be imported into the local policy and the private keys stored in a secure location.


Even more of this here


Pete

 

hello friends

I have done the steps of "Cipher......." and then added arecovery agent and imported the certificates as well but i am still not able to decrypt the file.
I have defined the fulll steps in my thread "CREATING A RECOVERY AGENT" well you all can read the thread and tell my is there any step i am missing.

Suppose i have only one machine ,XP PRO is installed on it, having two users on it then if a user encrypts a file can the administrator decrypt that file how?