Administrative Privileges

  • Thread starter Thread starter Philip
  • Start date Start date
P

Philip

I am experimenting with Permissions and encryption on my notebook.
Using XP Pro.

According to Help, the administrator is supposed to be able to bypass
all security settings. However, when I modify permissions or add
encryption to a folder as a PowerUser, the administrator is unable to
access those folders or files.

Am I doing something wrong?
 
HOW TO: Create and Configure User Accounts in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;279783&Product=winxp

HOW TO: Set, View, Change, or Remove Special Permissions for Files and Folders in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308419&Product=winxp

Before you encrypt anything important, you should back up your
personal encryption certificate (with its associated private key)
and the recovery agent certificate to a floppy disk and store it in
a secure location. If you ever lose your original certificate
(because of a hard disk failure, for example), you can restore
the backup copy and regain access to your files. If you lose all
copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists,
nor is there any practical way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default.aspx?scid=kb;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------------------


|I am experimenting with Permissions and encryption on my notebook.
| Using XP Pro.
|
| According to Help, the administrator is supposed to be able to bypass
| all security settings. However, when I modify permissions or add
| encryption to a folder as a PowerUser, the administrator is unable to
| access those folders or files.
|
| Am I doing something wrong?
 
For permissions-- administrators are still restricted by security settings.
(In fact, an administrator can even lock himself out of a resource-- there
are even a few scenarios where this is desirable.)

However, an administrator can always simply go in, take ownership and then
reset the permissions to anything else thereby giving himself access. So
yes he can bypass security but it may take some manual work to reset the
permissions.
 
Back
Top