EFS for the entire user profile


Michael D. Ober

Is it possible/advisable to encrypt the entire user profile for a logged-in
user? The machine is a laptop.

Thanks
Mike Ober.
 
It is not possible because the user profile contains the EFS private key in
the application data\Microsoft\crypto folder. You can, however, encrypt other
folders that have data that you want to secure, such as the My Documents folder.
FYI, Windows 2000 does not have a very secure version of EFS because all an
attacker has to do is use a password reset disk to reset the built-in
administrator account password, which is by default the RA, and then they can
access any EFS file on the computer. XP Pro fixed that vulnerability. You can
export/delete the EFS private key for your user account and RA account, but
that gets to be real tedious because you need to import them again to access
EFS files.
--- Steve
 
Thanks, Steve.

Mike Ober.

Steven L Umbach said:
It is not possible because the user profile contains the EFS private key in
the application data\Microsoft\crypto folder. You can, however, encrypt other
folders that have data that you want to secure, such as the My Documents folder.
FYI, Windows 2000 does not have a very secure version of EFS because all an
attacker has to do is use a password reset disk to reset the built-in
administrator account password, which is by default the RA, and then they can
access any EFS file on the computer. XP Pro fixed that vulnerability. You can
export/delete the EFS private key for your user account and RA account, but
that gets to be real tedious because you need to import them again to access
EFS files.
--- Steve
 