NTFS Encrypting File System

  • Thread starter: Rik Smithies

Rik Smithies

Is it possible to programmatically create an encrypted directory that
is based on a key created on the fly, and not tied to any logon
account? This would be an area that an application could use for safe
temporary storage of sensitive data no matter who was logged on.
Thanks
Rik
 
Not with EFS. Directories themselves aren't encrypted - they're marked such
that files created in them will be. Files are always encrypted in the
context of the user that created them.

Encrypting with service accounts gives nominal security at best. EFS
depends on DPAPI. DPAPI ultimately uses a user's password to encrypt a key
or, if running in system context, uses an LSA secret.
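
The behaviour described in the reply above can be observed directly. This is an added example, not code from the thread: it marks a directory for EFS, creates a file in it, and shows which accounts can decrypt that file. The directory and file names are constructed, and it assumes an NTFS volume on a Windows edition that supports EFS.

```powershell
# Added example; paths below are constructed for illustration.
$dir  = Join-Path $env:TEMP 'efs-demo'
$file = Join-Path $dir 'sample.txt'
$enc  = [IO.FileAttributes]::Encrypted

New-Item -ItemType Directory -Path $dir -Force | Out-Null

# cipher /e on a directory does not encrypt the directory itself; it sets
# the Encrypted attribute so that files added afterwards are encrypted.
cipher /e $dir | Out-Null

# Fail early if the mark was not applied (non-NTFS volume, EFS disabled
# by policy, or an edition without EFS).
if (-not (Get-Item $dir).Attributes.HasFlag($enc)) {
    throw 'Directory was not marked for encryption; EFS is unavailable here.'
}

# A file created inside the marked directory is encrypted on creation,
# in the context of the account running this script.
Set-Content -Path $file -Value 'constructed sample data'
$isEncrypted = (Get-Item $file).Attributes.HasFlag($enc)
"File encrypted: $isEncrypted"

# cipher /c lists the users and recovery agents able to decrypt the file,
# which shows that access is tied to accounts, not to a per-directory key.
cipher /c $file
```

Running the same script under a second account produces files that the first account cannot read, which is the limitation the reply points out for shared temporary storage.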
 
