a 2nd person can delete a file encrypted by the 1st in EFS,Why?

hello,

i had this question in my mind for quite some time...

If efs is built to deny access of an encrypted file to a 2nd person,then why
should he be given access to delete the same file??

I have tried this scenario where 2nd person was able to delete the file
encrypted by the 1st person...

efs is about securing ur info from others...whats its use if one can just
delete ur confidential info??

Please reply..

Thanks.

EFS is about hiding the contents of a file not restricting what can be done
with the actual file itself. That is accomplished by NTFS permissions.
Normally it makes sense to use a combination of physical security, file
access permissions and encryption to protect sensitive files.

--
Kerry Brown
Microsoft MVP - Shell/User
www.vistahelp.ca/phpBB2


"greyman" <greyman@discussions.microsoft.com> wrote in message
news:5D260692-5B06-45D2-ABB4-772C62E08B79@microsoft.com...
> hello,
>
> i had this question in my mind for quite some time...
>
> If efs is built to deny access of an encrypted file to a 2nd person,then
> why
> should he be given access to delete the same file??
>
> I have tried this scenario where 2nd person was able to delete the file
> encrypted by the 1st person...
>
> efs is about securing ur info from others...whats its use if one can just
> delete ur confidential info??
>
> Please reply..
>
> Thanks.
>
>

Ok fine,so i should use the combination of file access permissions and EFS.

"Kerry Brown" wrote:

> EFS is about hiding the contents of a file not restricting what can be done
> with the actual file itself. That is accomplished by NTFS permissions.
> Normally it makes sense to use a combination of physical security, file
> access permissions and encryption to protect sensitive files.
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> www.vistahelp.ca/phpBB2
>
>
> "greyman" <greyman@discussions.microsoft.com> wrote in message
> news:5D260692-5B06-45D2-ABB4-772C62E08B79@microsoft.com...
> > hello,
> >
> > i had this question in my mind for quite some time...
> >
> > If efs is built to deny access of an encrypted file to a 2nd person,then
> > why
> > should he be given access to delete the same file??
> >
> > I have tried this scenario where 2nd person was able to delete the file
> > encrypted by the 1st person...
> >
> > efs is about securing ur info from others...whats its use if one can just
> > delete ur confidential info??
> >
> > Please reply..
> >
> > Thanks.
> >
> >
>
>

Yes.

If the contents of a file are sensitive enough to need encryption it is also
recommended to also think about physical security as well. This means
thinking about things like: Where do I store backup copies of the key to
decrypt the file. How and where do I store backups of the file. How likely
is is that the computer storing the file or backups may be stolen. If
someone has the computer and the key to decrypt the file is on the computer
then they can crack the encryption. There are many things to consider.

--
Kerry Brown
Microsoft MVP - Shell/User
www.vistahelp.ca/phpBB2


"greyman" <greyman@discussions.microsoft.com> wrote in message
news:60E62B78-C899-4780-9B2F-4C853ABF8C7F@microsoft.com...
> Ok fine,so i should use the combination of file access permissions and
> EFS.
>
> "Kerry Brown" wrote:
>
>> EFS is about hiding the contents of a file not restricting what can be
>> done
>> with the actual file itself. That is accomplished by NTFS permissions.
>> Normally it makes sense to use a combination of physical security, file
>> access permissions and encryption to protect sensitive files.
>>
>> --
>> Kerry Brown
>> Microsoft MVP - Shell/User
>> www.vistahelp.ca/phpBB2
>>
>>
>> "greyman" <greyman@discussions.microsoft.com> wrote in message
>> news:5D260692-5B06-45D2-ABB4-772C62E08B79@microsoft.com...
>> > hello,
>> >
>> > i had this question in my mind for quite some time...
>> >
>> > If efs is built to deny access of an encrypted file to a 2nd
>> > person,then
>> > why
>> > should he be given access to delete the same file??
>> >
>> > I have tried this scenario where 2nd person was able to delete the file
>> > encrypted by the 1st person...
>> >
>> > efs is about securing ur info from others...whats its use if one can
>> > just
>> > delete ur confidential info??
>> >
>> > Please reply..
>> >
>> > Thanks.
>> >
>> >
>>
>>

"greyman" <greyman@discussions.microsoft.com> wrote in message
news:5D260692-5B06-45D2-ABB4-772C62E08B79@microsoft.com...

<snip - same multiposted message>

Learn to cross-post. Read:

http://www.cs.tut.fi/~jkorpela/usenet/xpost.html
http://en.wikipedia.org/wiki/Crossposting

Read the posts already over in your separate and disconnected post in
microsoft.public.windowsxp.general.

Well - if they do not have the password ( and it is XP+) even if you have the files/hard drive - you still can't decrypt the files.


The best example is this:
User B (non - admin) encrypts a file.
User A is the administrator but not the recovery agent.

Then, User A can delete/ copy the file but not have access to the contents.

Nik