Using Cipher for Default Encryption Settings

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - files on ur web directory Hi All, i found that : "In order to reduce a web application attack surface, only web application pages should be kept on the web directory and any other files should be removed to any other local folders." my questions are: 1- is that true?? and why?? 2- what are exactly the file extensions that are allowed to be left on the default web directory?? 3- what are the type of files that are considered to be vurneable???? finally, if anyone one has any reference for such a topic, i'll be happy receiving it :) thanx for ur help and reply :) Tag: Using Cipher for Default Encryption Settings Tag: 89751
  - 2
    - Lingering corruption issues from MS06-049 - KB article 925308 This new article speaks to a fix to the problem created by 06-049. If the patch is broken why is this not a re-release of the patch? I see none of the usual "Microsoft only recommends applying this to systems experiencing the problem..." I take it then that every system on which 06-049 is installed is still potentially vulnerable to file corruption. If so then 925308 is in fact a vital patch not for security's sake but for data protection's sake. MS please respond. Should we apply this fix to all systems that have 06-049 installed. Tag: Using Cipher for Default Encryption Settings Tag: 89743
  - 3
    - Important Information Check out: www.Brandon-Lands.com Tag: Using Cipher for Default Encryption Settings Tag: 89741
  - 4
    - Kerberos UDP vs TCP Hi everybody I'm facing some problems with Kerberos authentication using UDP protocol. As suggested by Microsoft using TCP protocol the problem has been solved instead. Questions: Why Microsoft uses UDP by default if there are authentication problems? What would be the global impact on the network (WAN) using Kerberos authentication through TCP? Would it be a suitable solution? Any help really appreciated. Tag: Using Cipher for Default Encryption Settings Tag: 89737
  - 5
    - Security settings change locks program I'm using Windows Server 2003 and I was trying to add a user to the user list under the security tab of a folder and it seems to just lock up when I hit apply or ok. I have let it sit for over 30 mins with no progress. I did a small subfolder and that worked. Is it just slow to apply the setting to all the sub folders? Is there a way to make this run smoother? Thanks. Tag: Using Cipher for Default Encryption Settings Tag: 89728
  - 6
    - IBM THINK PAD CAN anybody help have being given a n ibm thinkpad and cant turn on wi-fi Tag: Using Cipher for Default Encryption Settings Tag: 89726
  - 7
    - Audit Logging for the NIC Properties Is it possible to audit a network interface driver's properties? That is, an administrator goes into a local area connection, configures the NIC, and changes Flow Control (or some such driver property). Can this action be logged and audited? This is for Win2003 Server Standard Edition running in a Win2003-native Active Directory domain. Thank you in advance, J Wolfgang Goerlich Tag: Using Cipher for Default Encryption Settings Tag: 89723
  - 8
    - pki - CRL questions Designing a basic w2k3 pki for internal purposes. Three tier (root & intermediate offline, enterprise isuing). Might be expanded to support external (outside AD forest, outside internal WAN) use in the near future. Do I need to publish CRL's and AIA to external accessible webservers from the start, or can I start with internal publishing only? Can the CRL publishing list be changed for all CAs (external HTTP address added) without much reconfiguration at a later stage? What is the preferred order, when using mostly AD integrated clients: ldap or http first? I want this design to be flexible, not directly needing an extra layer of intermediate and issuing CA's when external used certs are needed, but also want to prevent making irreversible decisions... Tag: Using Cipher for Default Encryption Settings Tag: 89722
  - 9
    - ipsec ports I am going to setup IPSEC tunnels between windows servers that pass through different firewalls owned by other organizations. I need to submit requests to the other firewall admins requesting ports and protocols be opened up and I want to get it right the first time. What ports are required to be open for the handshake and communication of ipsec between two windows servers through a firewall? Thank You Erik Tag: Using Cipher for Default Encryption Settings Tag: 89720
  - 10
    - Security Updates I am wondering why no security updates from Windows Update for November. Usually by now we have them for the month. I have tried using IE7 four times and uninstalled each time and back to IE6, because it just is too much trouble to try to fix bugs. But the update icon apears in system tay to update to IE7. Is it because we are going to be forced to update to IE7 in order to get critical updates? Tag: Using Cipher for Default Encryption Settings Tag: 89718
  - 11
    - Windows Defender Does the windows defender get all spyware programs out. I have been using spyware programs for a long time and i have come across alot of spywre which cannot be removed by some programs for instance. cam it remove Vundo? or other programs which are difficult to get out? Snooza~Plz Reply asap as i think i might be watched. Tag: Using Cipher for Default Encryption Settings Tag: 89716
  - 12
    - User cannot FTP file from local disk to website. The user can connect to the website (using an FTP client software) but cannot upload a file. The client software just hangs. I (as administrator) can perform the upload. It must be a Server 2003 security issue. The client ftp program is WSPTF_Pro. -- Regards Tom Tag: Using Cipher for Default Encryption Settings Tag: 89713
  - 13
    - firewall configuratioin I do not know which of these to allow or block or make me ask I have no ideal what I am doing configuring the firewall do I block, allow theses or make them ask me? Internet Connection Sharing? Windows RPC service? DHCP protocol client? DNS protocol client? ICMP network diagnostics? Destination Unreachable? Ident Service? Protocol AH? Protocol ESP? Protocol GRE? L2TP VPN? PPTP VPN? Tag: Using Cipher for Default Encryption Settings Tag: 89712
  - 14
    - question about IAS and PEAP MS-CHAP V2 (wireless authentication) Hey guys this is my first post. I have a question about IAS, PEAP MS-CHAP V2, and wireless. I am using MS-CHAP V2 to authenticate PDAs on our wireless network. Because we are using MS-CHAP V2, we are using AD credentials to authenticate the clients. Everywhere I have read it states that we have to install the server certificate onto the device. I have found a loop hole though. Both on the wireless PDA and laptops, we can choose not to validate the server certificate. I can still authenticate to the IAS server (wireless) but I have not installed the server cert onto the device (because I have unchecked the validate server checkbox both in zero config and the wireless application). This is my question, if we don't validate the server and if we don't have the server cert, won't the transmission of the user account and password be in clear text? Is there a way on the IAS server that we have to force the clients to have the server cert or they wont be authenticated? Thanks, Peter Kim Tag: Using Cipher for Default Encryption Settings Tag: 89711
  - 15
    - Windows Firewall Exception: RunDLL32 Is it normal for RunDLL32 to show up in the Windows Firewall Exception list? How about Explorer.exe? -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com/articles/cleanboot.htm http://grystmill.com/articles/security.htm Tag: Using Cipher for Default Encryption Settings Tag: 89700
  - 16
    - Someone hacked into my computer... I'm under the impression that my computer has been hacked into. It seems whoever it was took a special likeing to my school files (mainly papers I've written over time), as that folder is now empty. Fortunately windows recorded the last date and time the contents of that folder were "modified". My question is is there some way I can see who was in my computer at that time? This happened somewhat recently I'm guessing (about 2 days ago according to windows). Seeing as I was on the computer at the time specified, I know it wasn't anyone I live with. Thanks to anyone that can help. Tag: Using Cipher for Default Encryption Settings Tag: 89698
  - 17
    - Mcafee removel 'I have tried uninstalling mcafee even to the point of going on mcafee's website and downloading thier uninstall exe. It says it is compeletly uninstalled and i reboot . But then it is still in add and remove. I want to install their new mcafee security , but it will not let me because the old one is still on my comp. I have tried and am ready to throw this comp in the trash if I cant get it to do what I need. HELP HELP ! Thank you Tag: Using Cipher for Default Encryption Settings Tag: 89694
  - 18
    - security template unreadable On a windows 2000 system recently updated to sp4, I have been getting 2 regular security-rleated events in the event/application log 1) one a warning SecCli event 1202--Security policies are propagated with warning. 0xd : The data is invalid. Please look for more details in TroubleShooting section in Security Help. 2) an error: Usrenv event 1000 The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (13). None of the knowlege base articles on these errors seem to apply to my situation. Winnt\security\log\winlogon.log reports "Reading Configuration template info...Error 13: The data is invalid. secreateglobalprivilege is not a valid privilege." In the management console, windows is unable to read the basic security template. I'd appreciate it if someone could tell me if these errors are causing any practical problems--especially my inabilty to start rasman (unable to create buffers) or cannot connect with mysql (connection lost). And, if so, what's the fix? I'm not a newbie, but neither am I an expert in this area. Thanks Tag: Using Cipher for Default Encryption Settings Tag: 89692
  - 19
    - Cant open CMD/taskmanager Hi, Can anyone help me, i cannot seem to open the Command Prompt or my Taskmanager. I think i may have a virus, but cannot find it with Mcaffee. Any suggestions? Tag: Using Cipher for Default Encryption Settings Tag: 89689
  - 20
    - UserOverRide key on Win2003 I'm trying to OverRide the screeen saver seetings like a do for Win200. It's configured at: HKLM\SYSTEM\CCS\Control\Terminal Server\Winstation\ICA-TCP\USEROVERIDE\Control Panel\Desktop under this I created ScreenSaveActive = 0 ScreenSaverIsSecure = 0 ScreenSaveTimeOut = 4500 I'm using under ICA-TCP key, beucase it's for a Citrix server/connection. But it does not work for Win2003, just for Win2000 any idea? thanks in advanced.. Tag: Using Cipher for Default Encryption Settings Tag: 89683
  - 21
    - W2K3 3-tier CA Implementation I have been trying to follow all of the best practices and recommendations for a W2K3 Enterprise CA solution. I have the Root installed, still online for right now, and have been trying to get the Intermediate CA that will be used for policies set up. I would like to follow Microsoftâ??s lead and use a 10 year, 2040 bit certificate. I have copied the Subordinate Certification Authority template and increased it to 10 years, copied the new OID and description from Intermediate Certification Authority and used both of them in the CAPolicy.inf file in C:\WINDOWS, but I keep getting 2 year certificates. After resolving, I will need to create Issuing CA certificates from the Policy CA that are 5 years and 2048 bits. Thanks for ALL of the input. Tag: Using Cipher for Default Encryption Settings Tag: 89680
  - 22
    - If my computer is a single PC with ADSL connection, can I leave the password blank when I login the XP? I am not using LAN, and I am the single user of PC. Is it secure that I leave the password of user blank when I login the Windows XP? -- Thank you for your help! Tag: Using Cipher for Default Encryption Settings Tag: 89679
  - 23
    - Computer Auto Enrollment for non-windows platforms I need to enroll non-windows computers for a computer certificate that I'm planning to use for VPN. How have people done this? The non-windows computers are joined to the domain (have a real computer account, and password). I would like to write some code to auto-enroll them when they are joined to the domain. Is there any published protocol for Microsoft's Certificate Authority that can be used for this? Can enrollment be performed using HTTP? Paul Nelson Thursby Software Systems, Inc. Tag: Using Cipher for Default Encryption Settings Tag: 89674
  - 24
    - Keylogger? Recently, I noticed my Windows XP was automatically locking itself after it was idle for a certain time. This has only started in the last day or so. I recently had someone around my computer, unsupervised. I am worried that this person may have accidentally, or intentionally, installed some form of spyware on my computer. I ran Adware and Norton Anti-Virus and nothing returned, but I find it odd that this is now happening. Is this a new setting change that may have been updated in Windows Updates? Could this be a sign of spyware, keylogger, virus, etc.? Tag: Using Cipher for Default Encryption Settings Tag: 89667
  - 25
    - Local Security Policy Background: Very Recent switch from Novell to Active Directory. After joining all workstations to the new domain, we have had a couple that will logon without certain services running. I have narrowed things down to a missing entry in the local security policy. For some reason our Group Policy for the domain will not push down to these few workstation and the changes I make loaclly disappear after a reboot. Although everything will work as it is supposed tofor that one boot. Another reboot will result in the original problem. The exact change that I am making is in the secpol.msc is Local Policies > User Rights Assignment > Impersonate a client after authentication ASPNET, Administrators, SERVICE Before adding the permissins this field was blank. After a reboot it goes back to blank even though our group policy is pushing out the same settings I added locally. I just can't get it to save. I also tried to import a template with the same end result. Any ideas? Tag: Using Cipher for Default Encryption Settings Tag: 89665
- Next
  - 1
    - Assign permissions to create other users to Users account Hi, Is there a way to give an account in the Users group in XP permissions to add other User accounts? This would be similar to the capability that PowerUsers have to have create accounts in the User group. Any ideas? Thanks, Nick Tag: Using Cipher for Default Encryption Settings Tag: 89659
  - 2
    - New Tool from Microsoft System Internals A new tool from Mark Russinovich (formally of System Internals) of Microsoft is available for trouble shooting malware problems. See about Process Monitor here: http://www.eweek.com/article2/0,1895,2054266,00.asp Download from here: http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx -- Regards, Richard Urban Microsoft MVP Windows Shell/User (For email, remove the obvious from my address) Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! Tag: Using Cipher for Default Encryption Settings Tag: 89656
  - 3
    - LSA not loading Self authincation filter What would keep LSA from loading a seft-authinication filter from loading on a 2003 Active Directory server? Tag: Using Cipher for Default Encryption Settings Tag: 89651
  - 4
    - General Recommendation I am trying to weigh the pros and cons of allowing a set of users in my enviroment to use public wireless (hotel etc). These users are s specific group (politicians). They are travelling to hotels with their laptops. The laptops could contain sensitive data and do not currently have any form of encryption etc. Does anyone have any recommendations on where to start or what to implement before allowing wireless? Tag: Using Cipher for Default Encryption Settings Tag: 89649
  - 5
    - HELP!! Please. I screwed up Group Policy Editor Hello, I'm panicked right now since I have messed up one of our training machines. We log into a NT4 Domain (Samba-Linux) basically a file server from Win XP Pro. To prevent students from running certain program I inadvertenly changed the 'Run only allowed programs' to IE and Word. I didn't realize it would affect the local Administrator account too, now I'm screwed because I cannot get back into GPEDIT to make the changes. I tried this at home on my laptop but since I am not on a domain I was able to log into Safe Mode and fix the problem but this is not the case on a machine that belongs to a Domain. Can anyone help please!!! Desperately seeking a solution. Thank you. Tag: Using Cipher for Default Encryption Settings Tag: 89648
  - 6
    - Error Code 0x80070057 Hello, A error code 0x80070057 popped up on my screen this morning. This is the first time I have seen this one, XP Home SP2 has been running problem free for a long time. The error code said: Problem preventing Windows from checking license for this computer. I do have a XXXXX-XXX-XXXXXXX-XXXXX serial number. Any help on this will be appreciated. TIA Tag: Using Cipher for Default Encryption Settings Tag: 89644
  - 7
    - Hardware considerations for PKI In your experience, any practical hardware capacity planning I should be aware when selecting hardware for a PKI infrastructure ? I am planning to use total of two physical servers for redundancy. I would put the Off-line root CA in a Virtual machine and keep it shut down. I am plannig to use a 3.0GB Pentium, 4GB RAM server. From what I have been reading there is no major prcessing power to worry about. I have total of 4 DC's, total of 15,000 user accounts, but only 6,000 clients. Tag: Using Cipher for Default Encryption Settings Tag: 89643
  - 8
    - Interoperability between Window 2000 and 2003 Enterprise CAs I have a win2k enterprise root and subordinate CA I would like to introduce another subordinate CA on our DR site. Can I introduce an enterprise win2k3 CA into the existing heirarchy (In a nutshell are they compatible)? Tag: Using Cipher for Default Encryption Settings Tag: 89642
  - 9
    - ? ccApp With Windows XP Home Edition on shut down on some occasions the window ccApp appears. What is this? Tag: Using Cipher for Default Encryption Settings Tag: 89631
  - 10
    - requesting cert from local CA: "no trusted certificate authorities I'm playing around with AD, certificates, and smart cards on a test server separated from the rest of our network. I'm currently going by http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/mapcerts.mspx, trying to get a certificate that I can place on my smart card to log in with. I have a certificate authority installed on this domain controller (as a stand-alone root CA), and I can see its cert in "Trusted Root Certificate Authorities". If I try to launch the "Request New Certificate" wizard for any account, I get an error message saying the wizard could not be started because "there are no trusted certificate authorities available", or permission is denied. Is there something special I have to do to get the local machine to "trust" this CA, or some other way I should go about this? Thanks Bean Tag: Using Cipher for Default Encryption Settings Tag: 89628
  - 11
    - Services - Windows Server 2003 R2 hi, i have a code line that want to open an exsiting html file //Init ShellExecuteInfo : shlExInfo.cbSize = sizeof (SHELLEXECUTEINFO); shlExInfo.lpFile = strFileName.GetBuffer(); shlExInfo.lpParameters = NULL; //Set flags and verb shlExInfo.fMask = SEE_MASK_NOCLOSEPROCESS; shlExInfo.lpVerb = _T("open"); shlExInfo.lpDirectory = strDirName.GetBuffer(); shlExInfo.nShow = SW_SHOWNORMAL; int iRet= (int)ShellExecuteEx (&shlExInfo); it work fine on XP, and open IE with the file, but on Windows Server 2003 R2 it doesn't open the IE but return a success return value. This is a service code, yes i check that the service allow to interact with desktop. another thing is that this server not display message box. do you know any configuration seting to allow service to do so in Windows Server 2003 R2 Tag: Using Cipher for Default Encryption Settings Tag: 89625
  - 12
    - Good book for PKI implementation Hi, I was told that there is very good book on PKI implementation (related on how to avoid mistakes during the PKI implementation based on the Microsoft deployment experience). If you know the title for such book, please let me know which one it is. Thanks. Tag: Using Cipher for Default Encryption Settings Tag: 89624
  - 13
    - Role-based security from Windows Server 2003 Security Guide gives problems Hello I have an Ad-environment with 2 Windows 2003 SP1 eng server and some Windows 2003 SP1 eng member server. I have applied some EC-server policy from Microsoft document from april 2006. On Domain root I have applied EC-Domain.inf On Domain Controller OU I have applied EC-Domain Controller.inf On Member Server OU I have applied EC-Member Server Baseline.inf On sub OU Web OU I have applied EC-IIS server.inf I joined 2 new web-servers to the domain and put them in the default Computer OU. Lets call them lt104 and lt135 as servername. Now my problems starts If I from DC run My Computer > Manage > Connect to another computer, select server104 see errors in word file. If I from a member server that lies in Web OU run MBSA against all server in the domain I get errors from scanning lt104 se word file If I move the server lt104 to Web OU, none of the above errors occur. But the server lt104 needs to connect to a standalone server to get picture and I cant connect to that standalone server if lt104 is in the Web OU but it works if it lies in Computer OU. Any ideers whats causing this problem Regards Mikael Tag: Using Cipher for Default Encryption Settings Tag: 89615
  - 14
    - Scaperl: send handcrafted packets and sniff Hi, Scaperl is a portable, customizable packet creation and sending/sniffing tool written in Perl. It is based on PCAP and libdnet (and their respective Perl wrappers). It was tested on Windows XP, Linux and NetBSD. The goal is to have a minimal, portable, efficient implementation of Scapy concepts (written in Python, see Philippe Biondi's page at http://www.secdev.org/projects/scapy/), with readable, well commented code and good documentation. This is the first public release, only a few fields and dissectors have been implemented. People interested can have a look at my web page at http://sylvainsarmejeanne.free.fr/projects/scaperl for more information and for the documentation. Sylvain SARMEJEANNE Tag: Using Cipher for Default Encryption Settings Tag: 89607
  - 15
    - Is it secure to Automatic Login to users accounts in XP? Hi, I know a solution that can make users to automatic logon to their accounts in XP. Please refer to: http://kgiii.info/windows/XP/general/auto_login.html I am wondering whether the automatic login is secure or not. Does it make the OS more vulnerable for being hacked? -- Thank you for your help! Tag: Using Cipher for Default Encryption Settings Tag: 89605
  - 16
    - Generic Host process for win32 services listening to port: tcp: 135 Hi, all. My Zonealarm Firewall suggests that Generic Host process for win32 services listening to port: tcp: 135. Does it secure for my system? -- Thank you for your help! Tag: Using Cipher for Default Encryption Settings Tag: 89604
  - 17
    - My firewall asks if I can let NTVDM.EXE access the Internet Every now and then NTVDM.EXE tries to access internet and my firewall asks if that can be allowed. I kone NTVDM.EXE is used to run old 16-bit programs but I don't know why it tries to access Internet. Is that safe? thanks, Tag: Using Cipher for Default Encryption Settings Tag: 89601
  - 18
    - Spyware I recently have a couple adds ( antispyware adds) telling me I have serious viruses. Windows defender sees nothing and so did my recent earthlink protection. These items also have persistent pop-ups associated with them. Are they telling me the truth or are they the real spyware? somebody please help me with this. Thanks, Barney. Tag: Using Cipher for Default Encryption Settings Tag: 89600
  - 19
    - Is it necessary to update Realplayer, and attain all security updates for all software installed? Hi, all. Is it necessary to attain all security updates for all software installed on the system? Do I need to update Realplayer frequently? -- Thank you for your help! Tag: Using Cipher for Default Encryption Settings Tag: 89591
  - 20
    - Have I been Hacked? I had to do a clean install of my XP home edition recently ( 3 months ago ) and registered it in my own name! I have been having major problems in the past month resulting to my pc switching of randomly ( sometimes will stay on for a day without switching off and then other days every half hour or whateva ). Today I went to check My computer, properties and now see that my pc is now registered in another name ( clueless now ) I was using blueyonder firewall but decided to remove and just used the built in XP 1. Since finding the new name I have installed Free Zone Alarm and scared to let any programe in at all now. Is it posible that I have been hacked and if so, how can I change the registry information back to my own name? Any help would be really appreciated! Ty in advance to anyone who can help me! Sylviaa Tag: Using Cipher for Default Encryption Settings Tag: 89586
  - 21
    - users and local Admins As you might know, We have a domain setup where it was migrated from Windows 2000 to Windows 2003. A security review (Audit) was done by third party and their report has number of issues. One of the issues is as follows: Each user account in the domain is member of the Local Administrators on his/her respective machines. Their recommendation is to remove user accounts from Local Admins in desktops and laptops. We tested removing the users from the local admin group for a small number of test users and we faced different symptoms after that (One user canâ??t open his PST file from inside Outlook, another User canâ??t open Adobe Acrobat PDFs, another user who was able to install application was not able to uninstall them, another user was not able to enable the wireless network connection while at home). We need an official advice from Microsoft in such scenario, is it better to keep the users as members of Local Admins on their laptops and avoid creating a lot of different problems or its recommended to remove them from the Local Admin Group and point out expected problems that might arias and how to solve them. Tag: Using Cipher for Default Encryption Settings Tag: 89583
  - 22
    - Restrict Anonymous access Recently we have done a security Audit, As per their recommendation we need to change RestricAnonymous Registry settings to HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA set to 1, to prevent access to systems null credentials Currently it is HKEY_LOCAL_MACHINE\system\currentcontrolset\control\LSA set to 0 What will be the impact if we changed to 1, any application will have issues ?(IIS,Exchnage,OWA,etc...), Please help...... Tag: Using Cipher for Default Encryption Settings Tag: 89582
  - 23
    - How to make the downloaded files scanned by Symantec Antivirus? Hi,all. I am using Symantec Antivirus. Sometimes I will add some files onto the hard disk, and I use Flashget(software for fast downloading) to download them. There is an option for installed antivirus software that can make these downloaded files scanned for virus.I chose where the AT software located and "Rtvscan.exe". But it does not work. After files downloaded, the AT software does not start scanning them, but there is a window of command line flashing for a second. I wonder if the Symantec Antivirus has scanned the files just downloaded. Please help me. -- My reply is on the top of yours. Thanks for your help! Tag: Using Cipher for Default Encryption Settings Tag: 89568
  - 24
    - locking files I have a flash drive, and i would like to put a passwork lock on it... does anyone know how. or how about locking a file? -- John Stanley Tag: Using Cipher for Default Encryption Settings Tag: 89567
  - 25
    - change client password my client are not able to change their domain password. error unable to change password They exist in a windows 2000 ad domain, as far as i can see there is no policy preventing the clients from changing their domain logon password can anyone point me in the right direction, thanks in advance Tag: Using Cipher for Default Encryption Settings Tag: 89564

We have a client who would like to encrypt data with EFS. The client would
like to have it setup so that all data folders are encrypted by default. The
client would also like to have it setup that new directories created by the
user are also tagged for encryption by default. Basically the client doesn't
want the user to "accidentally" have unencrypted data on the hard drive.

I am looking for an alternative to Whole Disk Encryption products, and I
would like to use EFS. I know EFS can not be used to protect system files or
the root directory. That's ok. My question is, can I use the cipher.exe
command to set all possible (non-system, non-root) directories to be tagged
for encryption? I am thinking about the following command:

cipher /e /i /s:c:\

I believe this will set the encryption flag for all directories starting the
root directory, and ignoring the errors (for c:\, c:\windows, & any other
system directories). My understanding is that this flag means any new files
or directories created or copied into these "encrypted-flagged" directories
will be encrypted on the write.

Then, a second command of:

cipher /e /a

could be used to actually encrypt the file data in certain directories such
as My Documents to encrypt current, existing data on the hard drive.

Does anyone have any experience with this?

Thanks
-MB

Top