At 12:42 PM 12/20/2001, Geoff Sweet wrote: >Commenting on the loss of user data below: I don't think this is a >critical issue. By default Win2K/XP adds the local Administrator as a >Encrypted Data Recovery Agent. So while the pain-in-the-arse factor is >there of needing to reset the password via the admin account, any >encrypted data won't be lost due to loss of private key. The >Administrator can still recover the data, then the user can re-encrypt it >with his/her new credentials. In case anyone's wondering how this works, the EFS encrypts the file with a random key that is then encrypted with the public keys of the owner of the file, and all EFS Recovery Agents at the time. You may have no recovery agents, or one or more. [Windows 2000 requires _one_ recovery agent at least, to have EFS]. Check out http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp for more details of the Windows 2000 version - I'm not sure where the XP documentation is, but I had this link handy. Alun. ~~~~ -- Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at 1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.
