Encryption Question in MCDST Study Book.

Discussion in 'MCDST' started by Richard H, Jul 27, 2005.

  1. Richard H

    Richard H Guest

    Hello. I am seeking some clarification on a question and answer in the MCDST
    study book.

    Question: "One of your users has a computer running Windows XP Professional
    at her office and a portable computer running XP Home. She copies the
    contents of an encrypted folder to her portable computer, which she then
    takes home with her. At home, her son often needs to use her coputer, so she
    configured a separtate user account for him. She calls you to say that her
    son can access the contents of the encrypted folder even when logging on
    using his own account. What should you tell her?"

    Answer: "Windows XP Home does not support file encryption. When the user
    copied the encrypted folder to the portable computer, file encryption was
    lost, The user has to upgrade her portable computer to XP Professional if
    she needs to maintain file encryption."

    I thought the whole point of file encryption was that even if someone else
    could obtain the file, they could not open it. For instance, I thought that
    if you went to lunch and someone sat at your computer while it was still
    logged on as yourself, and then e-mailed an encrypted file to himself, he
    would not be able to open it on the other computer. It sounds like that is
    not the case. Could someone please elaborate on this please?

    Thanks!

    Richard
     
    Richard H, Jul 27, 2005
    #1
    1. Advertising

  2. Richard H

    Wayne Guest

    Go to http://www.microsoft.com and enter "windows server 2003 encrypting
    file system" into the search (top right, usually). Look through the list,
    within the first 20 results you'll find a few good whitepapers to read.
    In the example you give below, when the user transferred the files across,
    they would have got an error message stating the file would *not* be
    encrypted if copied to this location. Try it yourself, encrypt a file and
    then try copying it to a floppy or any non-NTFS partition.

    Wayne
    Brisbane, Oz

    "Richard H" <Richard > wrote in message
    news:...
    > Hello. I am seeking some clarification on a question and answer in the
    > MCDST
    > study book.
    >
    > Question: "One of your users has a computer running Windows XP
    > Professional
    > at her office and a portable computer running XP Home. She copies the
    > contents of an encrypted folder to her portable computer, which she then
    > takes home with her. At home, her son often needs to use her coputer, so
    > she
    > configured a separtate user account for him. She calls you to say that
    > her
    > son can access the contents of the encrypted folder even when logging on
    > using his own account. What should you tell her?"
    >
    > Answer: "Windows XP Home does not support file encryption. When the user
    > copied the encrypted folder to the portable computer, file encryption was
    > lost, The user has to upgrade her portable computer to XP Professional if
    > she needs to maintain file encryption."
    >
    > I thought the whole point of file encryption was that even if someone else
    > could obtain the file, they could not open it. For instance, I thought
    > that
    > if you went to lunch and someone sat at your computer while it was still
    > logged on as yourself, and then e-mailed an encrypted file to himself, he
    > would not be able to open it on the other computer. It sounds like that
    > is
    > not the case. Could someone please elaborate on this please?
    >
    > Thanks!
    >
    > Richard
     
    Wayne, Jul 28, 2005
    #2
    1. Advertising

  3. As you said, if someone "sat at your computer while it was still logged on
    as yourself, and then e-mailed an encrypted file to himself," they would be
    able to read the file. Effectivly they are decrypting the file and then
    using it. It is not true that once a file is encrypted, it is always
    encrypted. The point of the encryption is that if someone picked up your
    computer and walked out the door with it, they would not be able to just
    copy the file and read it. Also, someone who wasn't you would not be able to
    read the encrypted files when not logged on as you. You, however, can do
    whatever you want with your file including permanently decrypting it.


    "Richard H" <Richard > wrote in message
    news:...
    > Hello. I am seeking some clarification on a question and answer in the

    MCDST
    > study book.
    >
    > Question: "One of your users has a computer running Windows XP

    Professional
    > at her office and a portable computer running XP Home. She copies the
    > contents of an encrypted folder to her portable computer, which she then
    > takes home with her. At home, her son often needs to use her coputer, so

    she
    > configured a separtate user account for him. She calls you to say that

    her
    > son can access the contents of the encrypted folder even when logging on
    > using his own account. What should you tell her?"
    >
    > Answer: "Windows XP Home does not support file encryption. When the user
    > copied the encrypted folder to the portable computer, file encryption was
    > lost, The user has to upgrade her portable computer to XP Professional if
    > she needs to maintain file encryption."
    >
    > I thought the whole point of file encryption was that even if someone else
    > could obtain the file, they could not open it. For instance, I thought

    that
    > if you went to lunch and someone sat at your computer while it was still
    > logged on as yourself, and then e-mailed an encrypted file to himself, he
    > would not be able to open it on the other computer. It sounds like that

    is
    > not the case. Could someone please elaborate on this please?
    >
    > Thanks!
    >
    > Richard
     
    msnews.microsoft.com, Jul 28, 2005
    #3
  4. Richard;
    "...someone sat at your computer while it was still logged on as
    yourself..."
    You have a major security issue and it has nothing to do with technology, in
    fact there is really no technological solution.
    If sensitive data is involved, you MUST log off or there is nothing to
    protect your data.
    When they copy the data to floppy, Email the data etc, the data is first
    decrypted.

    See the links near the bottom of this page for more information:
    http://www3.telus.net/dandemar/encrypt.htm

    --
    Jupiter Jones [MVP]
    http://www3.telus.net/dandemar
    http://www.dts-l.org


    "Richard H" <Richard > wrote in message
    news:...
    > Hello. I am seeking some clarification on a question and answer in the
    > MCDST
    > study book.
    >
    > Question: "One of your users has a computer running Windows XP
    > Professional
    > at her office and a portable computer running XP Home. She copies the
    > contents of an encrypted folder to her portable computer, which she then
    > takes home with her. At home, her son often needs to use her coputer, so
    > she
    > configured a separtate user account for him. She calls you to say that
    > her
    > son can access the contents of the encrypted folder even when logging on
    > using his own account. What should you tell her?"
    >
    > Answer: "Windows XP Home does not support file encryption. When the user
    > copied the encrypted folder to the portable computer, file encryption was
    > lost, The user has to upgrade her portable computer to XP Professional if
    > she needs to maintain file encryption."
    >
    > I thought the whole point of file encryption was that even if someone else
    > could obtain the file, they could not open it. For instance, I thought
    > that
    > if you went to lunch and someone sat at your computer while it was still
    > logged on as yourself, and then e-mailed an encrypted file to himself, he
    > would not be able to open it on the other computer. It sounds like that
    > is
    > not the case. Could someone please elaborate on this please?
    >
    > Thanks!
    >
    > Richard
     
    Jupiter Jones [MVP], Jul 29, 2005
    #4
  5. Hey I know:
    You're thinking of IRM. (or DRM and I think I've seen it called CRM once)
    http://www.microsoft.com/technet/prodtechnol/office/office2003/operate/of03irm.mspx

    With IRM you can specify whether someone can print, copy, read, change,
    etc.. If someone sat at your computer and emailed an IRM protected file to
    themselves, they wouldn't be able to read the document unless they had been
    given permission. Also, since the RMS *should* be auditable, at least you'd
    know someone sat at you computer, and say, chaged the permissions so they
    could read the file on their computer.

    Richard





    "Richard H" <Richard > wrote in message
    news:...
    > Hello. I am seeking some clarification on a question and answer in the

    MCDST
    > study book.
    >
    > Question: "One of your users has a computer running Windows XP

    Professional
    > at her office and a portable computer running XP Home. She copies the
    > contents of an encrypted folder to her portable computer, which she then
    > takes home with her. At home, her son often needs to use her coputer, so

    she
    > configured a separtate user account for him. She calls you to say that

    her
    > son can access the contents of the encrypted folder even when logging on
    > using his own account. What should you tell her?"
    >
    > Answer: "Windows XP Home does not support file encryption. When the user
    > copied the encrypted folder to the portable computer, file encryption was
    > lost, The user has to upgrade her portable computer to XP Professional if
    > she needs to maintain file encryption."
    >
    > I thought the whole point of file encryption was that even if someone else
    > could obtain the file, they could not open it. For instance, I thought

    that
    > if you went to lunch and someone sat at your computer while it was still
    > logged on as yourself, and then e-mailed an encrypted file to himself, he
    > would not be able to open it on the other computer. It sounds like that

    is
    > not the case. Could someone please elaborate on this please?
    >
    > Thanks!
    >
    > Richard
     
    msnews.microsoft.com, Jul 29, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tazman

    MCDST Study Material

    Tazman, Jan 9, 2005, in forum: Microsoft Certification
    Replies:
    1
    Views:
    512
    =?Utf-8?B?Qm9iYnk=?=
    Jan 10, 2005
  2. =?Utf-8?B?YTE0NG1i?=

    MCDST Study Material

    =?Utf-8?B?YTE0NG1i?=, Mar 27, 2006, in forum: Microsoft Certification
    Replies:
    1
    Views:
    1,555
    Darth Windows
    Mar 28, 2006
  3. =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D

    Which hard drive encryption program has the strongest tested encryption & security?

    =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D, Sep 24, 2004, in forum: Computer Security
    Replies:
    6
    Views:
    3,912
    Kornholio
    Feb 20, 2008
  4. Mark

    MCDST Course book question

    Mark, Feb 24, 2005, in forum: MCDST
    Replies:
    1
    Views:
    332
    Dr Nova
    Feb 24, 2005
  5. =-Zero@HK-=ASP.Net / VB
    Replies:
    0
    Views:
    483
    =-Zero@HK-=ASP.Net / VB
    Aug 23, 2005
Loading...

Share This Page