The Encrypting File System (EFS) is used in Windows to encrypt files so they cannot be read even using an offline attack. Check out http://itfreetraining.com for more of our always free training videos. In order to ensure you can always access encrypted files, Windows allows a Data Recovery Agent (DRA) to be created. A DRA is another user that can access any encrypted files. This video looks at how the Encrypting File System works and how to configure a DRA.
03:11 demo on how to encrypt files
05:52 exporting the EFS certificate using cipher /r:filename
06:22 Configuring a DRA using group policy HKEY\Computer configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System
How EFS works
A file is encrypted with a symmetric key. This is the same style of algorithm used to secure compressed files like zip. The same password or key is used to encrypt the file and to decrypt it. The symmetric key is randomized for each file, so you need somewhere to store all these symmetric keys. The easiest place to store the symmetric key is in the file itself. That way, if the file is moved to a different computer or hard disk, the key is always present with the file.
In order to make sure that the symmetric key stored in the file can't be read, the symmetric key is encrypted using an EFS certificate. An EFS certificate is generated for the user when they encrypt their first file or by running the command cipher /k. In a domain environment you can also configure a certificate authority to create and manage these certificates. This essentially means the certificates are generated by Active Directory and stored in Active Directory.
A certificate uses asymmetric keys. With asymmetric keys you have two keys: one key to encrypt and one to decrypt. Neither key will perform both functions. This means that when the symmetric key is encrypted with the public key, it cannot be read without the private key. This protects the symmetric key.
In order to protect the EFS certificate stored on the computer, it is encrypted using the user's password. When the user logs on, the user's password is used to access the certificate and thus get access to the private keys in the certificate.
This is why, when changing the user's password, you should always be logged in as that user. This way Windows can access the EFS certificate and change the password. If you are logged in as another user and you use the administrator's tools to change the password, the password will not be updated on the EFS certificate and access to the EFS certificate will be lost.
In order to ensure you can always access encrypted files, you can firstly back up your EFS certificates. Secondly, you can configure a DRA. A DRA is another user that has access to the encrypted files. EFS does this by adding another copy of the symmetric key to the file, which is encrypted using the DRA's EFS public key.
Setting up a DRA
A DRA is another user that has access to encrypted files. The DRA will only be able to access files that were encrypted after it was set up. In order to configure a DRA, the certificate for the DRA user must be exported using the command cipher /r:filename. Once the cer and pfx files are exported, the certificate's public key (cer file) can be added to the "HKEY\Computer configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System". In order to read encrypted files, the pfx file needs to be added to the computer you want to read the files on. In this case this is done by double-clicking the pfx file and finishing the wizard.
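The point above that a DRA can only open files encrypted after it was set up can be checked per file. The following is an added example, not part of the original video notes: it parses saved `cipher /c` output and lists encrypted files that carry no recovery entry for a given DRA certificate. The sample text is constructed and abridged, and its English-locale layout, the names and the thumbprints are assumptions.

```python
import re

# Constructed, abridged sample modeled on English-locale `cipher /c` output;
# names and thumbprints are made up, and the layout is an assumption.
SAMPLE = r"""
 Listing C:\Data\
E old-report.docx
  Users who can decrypt:
    CONTOSO\alice [alice(alice@CONTOSO)]
    Certificate thumbprint: 1111 2222 3333 4444 5555 6666 7777 8888 9999 0000
  No recovery certificate found.

E new-report.docx
  Users who can decrypt:
    CONTOSO\alice [alice(alice@CONTOSO)]
    Certificate thumbprint: 1111 2222 3333 4444 5555 6666 7777 8888 9999 0000
  Recovery Certificates:
    CONTOSO\dra [dra(dra@CONTOSO)]
    Certificate thumbprint: AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333
"""

def normalize(thumbprint):
    """Thumbprints are compared as bare upper-case hex, ignoring spacing."""
    return re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()

def parse_cipher_c(text):
    """Return {file: {"users": set, "recovery": set}} of certificate thumbprints."""
    files, current, section = {}, None, None
    for line in text.splitlines():
        m = re.match(r"^([EU]) (\S.*)$", line)      # unindented flag + file name
        if m:                                       # only E (encrypted) files are tracked
            current = (files.setdefault(m.group(2).strip(), {"users": set(), "recovery": set()})
                       if m.group(1) == "E" else None)
            section = None
        elif line.strip() == "Users who can decrypt:":
            section = "users"
        elif line.strip() == "Recovery Certificates:":
            section = "recovery"
        elif current is not None and section and "thumbprint:" in line:
            current[section].add(normalize(line.split(":", 1)[1]))
    return files

def files_missing_dra(text, dra_thumbprint):
    """Encrypted files whose symmetric key is not wrapped for the given DRA certificate."""
    wanted = normalize(dra_thumbprint)
    return sorted(name for name, rec in parse_cipher_c(text).items()
                  if wanted not in rec["recovery"])

if __name__ == "__main__":
    print(files_missing_dra(SAMPLE, "aaaa bbbb cccc dddd eeee ffff 0000 1111 2222 3333"))
```

Files it reports were encrypted before the DRA policy applied; `cipher /u` updates encrypted files on local drives with the current recovery keys.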
See http://itfreetraining.com or http://youtube.com/ITFreeTraining for our always free training videos. This is only one video of the completely free course for the 70-680 exam available for free on YouTube.
MCTS 70-680: Encrypting File System (EFS)
Category: Education. Published on 23 Oct 2011.