EFS access

Zyggy

When I use EFS to encrypt data for an account in XP, I can log into another
account with admin privileges and traverse the sub-directories of the
EFS-protected parent directory. Although this other account cannot open or
copy the EFS files to a different drive/partition, it can see the names of
these files, even rename them and delete them. Is there a way to use EFS to
block even the opening of an EFS protected folder from another admin
account?

I have an XP Pro machine that has a few users, all of whom are
administrators. I use the default built-in Administrator account to fix
problems and manage this machine. I use EFS to encrypt all the data created
with these other accounts. I do not want any of these users to be able even
to see the file names of the files created by the others. In fact, I don't
even want myself to be able to see this. In other words, I do not want any
backdoor to the files stored in EFS-encrypted folders, not even the ability
to open the folder to see what files are stored in it.
 
Robert Moir

Zyggy said:
When I use EFS to encrypt data for an account in XP, I can log into
another account with admin privileges and traverse the
sub-directories of the EFS-protected parent directory. Although this
other account cannot open or copy the EFS files to a different
drive/partition, it can see the names of these files, even rename
them and delete them. Is there a way to use EFS to block even the
opening of an EFS protected folder from another admin account?

No. EFS cannot do this. NTFS permissions, however, can. Of course, NTFS
permissions can be overridden by an admin. If this is a problem for you then
you probably need to start restricting admin account access to people you
actually trust.

EFS is not some kind of magical shield of super-secret protection for
confidential files; it is simply a method of encrypting files and combining
the keys for this with the account that owns the files so that the process
is transparent to the logged-in user.
 
Jack McBarn

Zyggy said:
When I use EFS to encrypt data for an account in XP, I can log into another
account with admin privileges and traverse the sub-directories of the
EFS-protected parent directory. Although this other account cannot open or
copy the EFS files to a different drive/partition, it can see the names of
these files, even rename them and delete them. Is there a way to use EFS to
block even the opening of an EFS protected folder from another admin
account?

I have an XP Pro machine that has a few users, all of whom are
administrators. I use the default built-in Administrator account to fix
problems and manage this machine. I use EFS to encrypt all the data created
with these other accounts. I do not want any of these users to be able even
to see the file names of the files created by the others. In fact, I don't
even want myself to be able to see this. In other words, I do not want any
backdoor to the files stored in EFS-encrypted folders, not even the ability
to open the folder to see what files are stored in it.

Sorry, you can't. Try a program like PGP if it's urgent.
 
