To recap, then.. in case this comes up with a local (L)user:
XP DOES encrypt all previous 'User Account' data (at least ... but maybe Other areas too?)
It does so with neither Notice, nor (apparently) revelation to the Doze victim/user: that it DOES.

I guess this begs the Question (in the simplistic minds of the Redmond kiddies) -- of a person wishing to do exactly what you were meaning to do:
peruse previous setup for any number of sane reasons: possibly even to Restore same(!)

Is that about the size of it?
(So then.. just who DOES know the PW for such encryption and W.T.F. would you go, even to enter the PW !? if you had managed to find one.)


Reason #667 to Despise Doze and all who still push this masochistic turd-blossom (which, it has been established: cannot be Polished.)
And Reason #(n+1) to appreciate this iMac even more.


{{sheesh}}

Re: To recap, then..
This is what I have learned.
  1. Windows must be told to encrypt, which may be at the file level or at the folder level. Any file written to, or folder created within, an encrypted folder will be encrypted.


  2. It is very important that the users/admins for the machine know that files are encrypted and inform any tech who will work with the machine that files are encrypted.


  3. Before reinstalling Windows, the files/directories should be decrypted to avoid the kind of problem I ran into - if at all possible (machine must boot and log in the user's account).


  4. Encryption is invisible to the user and to anyone who logs in using that account. Any other login can see all the files but not open, move or copy them, but can delete them. It is very unclear encryption is the problem because the error messages are exactly the same as for other permission problems (of which Windows has many).


  5. If the user account doesn't have a secure password you might as well not bother to encrypt - you get all the risks without any of the benefits.


  6. If you reinstall Windows, even if you use the same user name, a new user is created (this I already knew) and this new user cannot access the encrypted files.


  7. If you back up the files by copying them, they will be decrypted on the way to the backup media - thus pretty much defeating the purpose of encryption.


  8. Backups using Microsoft Backup will be encrypted, but can only be retrieved by the user owning the encryption key. If the drive has been formatted or Windows reinstalled, tough luck, the backup is unrestorable - unless you have backed up the key certificate.


  9. The certificate is backed up by a rather complex procedure and is locked by a separate password. If you have done this procedure and remember the password you can restore the files to a re-formatted drive or reinstalled drive - or to a different machine.


  10. Windows allows for a "designated agent" to also access the files, but this must be set up in advance and will also be wiped out by a reinstall. The rules are a little more complex for domain logins - it is possible the "agent" will persist, but not dealing with a domain I didn't study that aspect.


  11. The reason I was able to recover the files is that the drive had not been seriously molested and the recovery program was able to search the disk for certificates with which it could unencrypt the encrypted files.


  12. The publisher has another version (more expensive) which can search a drive by raw sectors to find encryption keys on a reformatted drive.

In summary, encryption adds a whole new and complex layer of administrative complexity, so should be applied only where the appropriate skills are available.
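
A pre-reinstall check covering points 2, 3 and 9 of the post above, as an added example that is not part of the thread: it lists items carrying the NTFS Encrypted attribute, shows whether the logged-in account holds an EFS private key, and optionally backs that key up with `cipher /x`. It assumes a Windows machine with PowerShell installed (not stock XP); the parameter names and default paths are made up for illustration.

```powershell
# Added example (not from the thread). Inventory EFS-encrypted items and back up
# the current user's EFS certificate and private key before a reinstall.
# $Root and $BackupBase are assumed defaults; adjust for the machine at hand.
param(
    [string]$Root       = $env:USERPROFILE,
    [string]$BackupBase = (Join-Path $env:USERPROFILE 'efs-key-backup'),
    [switch]$ExportKey
)

# Files and folders that carry the NTFS "Encrypted" attribute.
$encrypted = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted })

# Certificates in this user's store that have a private key and the
# "Encrypting File System" enhanced key usage (OID 1.3.6.1.4.1.311.10.3.4).
$efsOid  = '1.3.6.1.4.1.311.10.3.4'
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object { $_ -is $ekuType }
    $_.HasPrivateKey -and $eku -and
        (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $efsOid)
})

"{0} encrypted item(s) under {1}" -f $encrypted.Count, $Root
$encrypted | Select-Object -First 20 -ExpandProperty FullName
"{0} EFS certificate(s) with a private key in Cert:\CurrentUser\My" -f $efsCerts.Count
$efsCerts | Format-Table Thumbprint, NotAfter, Subject -AutoSize

if ($encrypted.Count -gt 0 -and $efsCerts.Count -eq 0) {
    Write-Warning 'Encrypted items found, but no EFS private key is present for this account.'
}

if ($ExportKey -and $efsCerts.Count -gt 0) {
    # cipher /x writes "$BackupBase.PFX" and prompts for the password that
    # protects it. Keep the file and the password off the machine being reinstalled.
    & cipher.exe /x $BackupBase
}
```

Run it while logged in as the account that owns the files, since both the certificate store and the `cipher /x` backup are per-user.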
The appropriate skills, chicken blood and a dragon's tooth
--

Drew
Thanks much, clear and complete.
And explained that way, any Doze user contemplating such can tell, I'd suppose: whether s/he Really wants to play there.

Gawd.. your tool kit by now (at retail) must cost as much as an iMac.
What a trade-off for an individual determined to be ready for any Way that Doze can create grief.
(Except for: next week's new one.)


A whole planet ... with that omnipresent subway odor.
     Windows XP Pro security problem. - (Andrew Grygus) - (10)
         You've done this? - (Another Scott) - (5)
             Done all that . . . - (Andrew Grygus) - (4)
                 Good luck with that... - (folkert) - (3)
                     Well, fortunately the filesystem wasn't encrypted . . . - (Andrew Grygus) - (2)
                         Was this yours? - (folkert) - (1)
                             It was (is) a customer's machine. - (Andrew Grygus)
         To recap, then.. in case this comes up with a local (L)user: - (Ashton) - (3)
             Re: To recap, then.. - (Andrew Grygus) - (2)
                 The appropriate skills, chicken blood and a dragon's tooth -NT - (drook)
                 Thanks much, clear and complete. - (Ashton)
