E-Mail:
Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!

Setting Up Encryption In Vista Part III

Tuesday, July 22nd, 2008
by Diana Huggins

In the Part II of this series, you learned how to encrypt files in Vista and verify that users are unable to open the encrypted files. An important point to keep in mind is that although the user is unable to open the file, they can delete the file. You might be confused as to how this is possible.

Here is the answer: The user has full-share and NTFS permissions to the file. These permissions include reading, modifying, and deleting the file. If the user does not try to open the file, the EFS subsystem isn’t required. If the user tries to open the file, the EFS subsystem intervenes and denies access. But users can simply delete the file, which they have rights to do as defined by the NTFS permissions. Remember, file encryption is used to protect the contents of a file from prying eyes. It is not designed to protect the file itself. That’s why a properly designed share and NTFS structure is still critical even when using EFS.

In Vista, multiple users can be granted rights to read and modify encrypted files. Right click the encrypted file that you want to share and click Properties. From the General tab, click the Advanced button. From the Advanced Attributes dialog box, click the Details button. Click the Add button. Select the user to whom you want to grant access to the encrypted file. Click OK. Once the appropriate user has been granted permission, they will be able to open the file.

When an encrypted file is moved or copied from its source location to a new location, it is first decrypted. But this isn’t a hole in the security scheme. To copy or move an encrypted file, you must have the ability to open the encrypted file. In fact, even if a user has NTFS rights but doesn’t have rights to decrypt the file, he or she will be greeted with an error message.

Tags
Categories

What Do You Think?

 

Posted Recently

Cloud Computing: Myths And Realities With Paul Greenberg

eMachines - A Mac-Like Form Factor

IE9 - Perhaps Not So Much

User Account Control Group Policy Settings In Windows 7

SFO - Stocks, Futures And Options Magazine

The Most Reliable Notebooks - Not HP

Live In New York: Web 2.0 Expo

Susan Bradley Patches Our Machines With Windows Server Update Services

User Account Control Notification Levels In Windows 7

VoIP Can Save Your Small Business Thousands Of Dollars

New And Updated Apps For November 18th, 2009

Still No Chrome OS

Adobe Flash On The Mobile Scene

10% Gnomie Discount For WinPatrol

User Account Control In Windows 7

Force.com White Paper: Create And Run Any Application In The Cloud

New Applications For November 17th, 2009

AT&T And The Windows 7 Notebook

DatAdmin Personal v3.4.1

jQuery Cookbook

Restrict Applications In Windows 7 With AppLocker

The Embedded Processor For An Embedded World

New And Updated Apps For November 16th, 2009

AT&T Responds To Verizon With EDGE Coverage?

Friends With Benefits: A Social Media Marketing Handbook

Windows 7 Upgrade Paths

FierceVoIP

New And Updated Apps For November 13th, 2009

Design Of Windows 7 - Does This Really Matter?

Blockbuster Finally Catching Up To Redbox?

Tokyo Cabinet In One Hour - Free Webcast, November 17th

Andy Malone Is Securing Social Networking

Tips For Scheduling Meetings

PCMag.com’s Newsletter

Hackintoshes Still Work

A VIPRE For Safekeeping

Debug It!

WirelessKeyView v1.30

Deliver Great Presentations With These Quick Tips

Phone+

53 queries / 0.555 seconds.