I'd suggest an option to remove or hide these menu items.
There are already far too many 'no-hoper' techsupport calls from users who've lost large amounts of data to EFS through using it without understanding the need to backup encryption-keys. (or even what encryption keys are, for that matter.)
Better to minimise the risk by not inviting rookies to try it out. (Same could be said to Microsoft, of course, though I doubt they'd listen!)
NTFS Encryption options
-
- ALTAP Staff
- Posts: 5231
- Joined: 08 Dec 2005, 06:34
- Location: Novy Bor, Czech Republic
- Contact:
Unfortunately, besides the Files > NTFS Commands submenu there is also Files > Change Attributes command and right-click > Properties (> Advanced) dialog box. The last one is a standard system dialog box which we cannot change.
Btw, do you know about EFS Recovery Agent? Do you use it?
http://en.wikipedia.org/wiki/Encrypting ... ator_login
Btw, do you know about EFS Recovery Agent? Do you use it?
http://en.wikipedia.org/wiki/Encrypting ... ator_login
Yes I know about recovery agent, but it's only of use in a very limited number of situations. If the user's done anything that replaces the profile folders then it's no help.
By contrast with the likes of Truecrypt that situation doesn't generally arise because the user is well-aware of the need for a key, and the consequences of losing it. It's the transparency and apparent ease of use that's the danger with EFS.
By contrast with the likes of Truecrypt that situation doesn't generally arise because the user is well-aware of the need for a key, and the consequences of losing it. It's the transparency and apparent ease of use that's the danger with EFS.
-
- ALTAP Staff
- Posts: 5231
- Joined: 08 Dec 2005, 06:34
- Location: Novy Bor, Czech Republic
- Contact:
EFS can be disabled with a Group Policy (see http://searchwindowssecurity.techtarget ... 53,00.html) .
-
- ALTAP Staff
- Posts: 5231
- Joined: 08 Dec 2005, 06:34
- Location: Novy Bor, Czech Republic
- Contact:
How to turn off EFS on Windows 2000 and XP please look at http://support.microsoft.com/kb/288579
In the Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\EFS
create a new DWORD value named EfsConfiguration and set value to 1 (EFS turned off). Then restart the computer.
Salamander will display following message box:
In the Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\EFS
create a new DWORD value named EfsConfiguration and set value to 1 (EFS turned off). Then restart the computer.
Salamander will display following message box: