I bought a new Western Digital Caviar 250GB HD and I will use it to store
drive image 2002 image files of my windows xp professional laptop and
desktop system discs and Confidential information so I formatted the HD in
NTFS file system my question is the following :
- If I encript the contents of some folders with confidential information
like password and other stuff and I have a system disaster that I need to
make a clean installation of windows xp professional, is it possible to read
again all the encripted files and non-encripted files in the 250GB HD
formatted in the NTFS file system or I will loose access to them forever or
I need to make again an account in windows xp professional with the same
username and password in order to get again access to that files ??

I read that NTFS is better than FAT32 because of file corruptions when power
goes down or other stuff in that cases NTFS is more secure but I need to
know if that security can not give a negative impact in my important data
backups as I'm a system administrator and never tryed to encript files
because the last HD for backups was formatted in FAT32.

Thanks in advance , I will wait for your good answers to my question.

DJ_Alex. - www.djalex.net - www.miradouro.net - msn messenger:

how are you encrypting the files? if you're using EFS then you should make
sure you have a backup of the key used to encrypt the data.

as for NTFS being more robust than FAT - yes, it is, NTFS is a journaling
file system, it's a little like a database in that respect.

--

Cheers, Michael
Writing Secure Code 2nd Edition
(http://www.microsoft.com/MSPress/books/5957.asp)

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
"Alexandro Dario Pestana" > wrote in message
...
> I bought a new Western Digital Caviar 250GB HD and I will use it to store
> drive image 2002 image files of my windows xp professional laptop and
> desktop system discs and Confidential information so I formatted the HD in
> NTFS file system my question is the following :
> - If I encript the contents of some folders with confidential information
> like password and other stuff and I have a system disaster that I need to
> make a clean installation of windows xp professional, is it possible to
read
> again all the encripted files and non-encripted files in the 250GB HD
> formatted in the NTFS file system or I will loose access to them forever
or
> I need to make again an account in windows xp professional with the same
> username and password in order to get again access to that files ??
>
> I read that NTFS is better than FAT32 because of file corruptions when
power
> goes down or other stuff in that cases NTFS is more secure but I need to
> know if that security can not give a negative impact in my important data
> backups as I'm a system administrator and never tryed to encript files
> because the last HD for backups was formatted in FAT32.
>
> Thanks in advance , I will wait for your good answers to my question.
>
> DJ_Alex. - www.djalex.net - www.miradouro.net - msn messenger:
>
>
>

forgot to add how to backup the EFS key..

read this http://support.microsoft.com/default.aspx?scid=kb;en-us;241201

--

Cheers, Michael
Writing Secure Code 2nd Edition
(http://www.microsoft.com/MSPress/books/5957.asp)

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
"Alexandro Dario Pestana" > wrote in message
...
> I bought a new Western Digital Caviar 250GB HD and I will use it to store
> drive image 2002 image files of my windows xp professional laptop and
> desktop system discs and Confidential information so I formatted the HD in
> NTFS file system my question is the following :
> - If I encript the contents of some folders with confidential information
> like password and other stuff and I have a system disaster that I need to
> make a clean installation of windows xp professional, is it possible to
read
> again all the encripted files and non-encripted files in the 250GB HD
> formatted in the NTFS file system or I will loose access to them forever
or
> I need to make again an account in windows xp professional with the same
> username and password in order to get again access to that files ??
>
> I read that NTFS is better than FAT32 because of file corruptions when
power
> goes down or other stuff in that cases NTFS is more secure but I need to
> know if that security can not give a negative impact in my important data
> backups as I'm a system administrator and never tryed to encript files
> because the last HD for backups was formatted in FAT32.
>
> Thanks in advance , I will wait for your good answers to my question.
>
> DJ_Alex. - www.djalex.net - www.miradouro.net - msn messenger:
>
>
>

Doing a search in Help and Support on your Start menu for "encryption" gives
some useful articles you might want to read. One is for backing up default
recovery keys to a floppy. Doing this will allow you access to the encrypted
files again after a disaster. Others discuss how to recover if you are on a
Domain etc. Here is the section on creating your own recovery floppy:

To back up default recovery keys to a floppy disk

1.. Click Start, click Run, type mmc, and then click OK.
2.. On the File menu, click Add/Remove Snap-in, and then click Add.
3.. Under Add Standalone Snap-in, click Certificates, and then click Add.
4.. Click My user account, and then click Finish.
5.. Click Close, and then click OK.
6.. Double-click Certificates - Current User, double-click Personal, and
then double-click Certificates.
7.. Click the certificate that displays the words File Recovery in the
Intended Purposes column.
8.. Right-click the certificate, point to All Tasks, and then click
Export.
9.. Follow the instructions in the Certificate Export Wizard to export the
certificate and associated private key to a .pfx file format.
Notes

a.. This operation must be performed by the recovery agent account that
has the recovery certificate and private key in their private store.
b.. Before making any changes to the default recovery policy, be sure to
secure the default recovery private key. The default recovery keys in a
domain are stored on the first domain controller for the domain. The domain
administrator is the default recovery agent.
c.. For more information about using Certificates in MMC, see Related
Topics.
Related Topics




I recommend reading through these carefully before encrypting your important
data.


--
Joshua Smith
DirectInput Test Lab

-----
This posting is provided "AS IS" with no warranties, and confers no rights
"Alexandro Dario Pestana" > wrote in message
...
> I bought a new Western Digital Caviar 250GB HD and I will use it to store
> drive image 2002 image files of my windows xp professional laptop and
> desktop system discs and Confidential information so I formatted the HD in
> NTFS file system my question is the following :
> - If I encript the contents of some folders with confidential information
> like password and other stuff and I have a system disaster that I need to
> make a clean installation of windows xp professional, is it possible to
read
> again all the encripted files and non-encripted files in the 250GB HD
> formatted in the NTFS file system or I will loose access to them forever
or
> I need to make again an account in windows xp professional with the same
> username and password in order to get again access to that files ??
>
> I read that NTFS is better than FAT32 because of file corruptions when
power
> goes down or other stuff in that cases NTFS is more secure but I need to
> know if that security can not give a negative impact in my important data
> backups as I'm a system administrator and never tryed to encript files
> because the last HD for backups was formatted in FAT32.
>
> Thanks in advance , I will wait for your good answers to my question.
>
> DJ_Alex. - www.djalex.net - www.miradouro.net - msn messenger:
>
>
>


begin 666 note.gif
M1TE&.#EA"@`*`+/_`(V,C?__S/_,`/\%!?]=7<# P-/3T\# P(6%A0("`@``
M`````````````````````"'Y! $```4`+ `````*``H`0 0H$,AI#AD@Z)U*
AR1HB)(8'<N,7&EJG;JV )```[
`
end

Please help me. I need to know what to do so no-one can
open or use my computer when I'm not at home. How can I
prevent them from opening windows to access my internet or
computer it self. Leaving town tonight need help A.S.A.P
Please reply back. First time owning my computer.
Thank You,
Deborah

Thanks a lot for your help !

Alexandro Pestana, Student of systems and informatics engineering in
Portugal.

Thanks a lot for your help !

Alexandro Pestana, Student of systems and informatics engineering in
Portugal.

I'm using the EFS builted in Windows XP Professional.

Just to add a little here . . .

David Cross's all-and-everything paper on using EFS in XP=20
Data Protection and Recovery in Windows XP
http://microsoft.com/WINDOWSXP/pro/techinfo/administration/recovery
should be on your reading list if you are to use EFS.

I would recommend to you that :

You do define a recovery agent (DRA) and export and save=20
externally its cert/key, just as you will for your own account's=20
EFS cert/key. However, consider removing the DRA's private=20
decryption key from the system.

Rather than setting the entire drive to use EFS encryption,=20
set top level folders so that you may have an area that is=20
and an area that is not encrypted. This way, larger files=20
or ones that are unimportant, are executables, etc. can be=20
spared the encryption overhead. Notice that NTbackups=20
can be set to require a password for use.

Before you begin using EFS in earnest, experiment.
After your cert/key has been exported and saved externally,
try deleting it, which forces you to have to import it from=20
the external media. When you do this, you will be offered=20
to have a prompt when the decryption key is used. Do Not=20
select this - say to use it without prompts or EFS will not=20
work. This experiment simulates what you would have to=20
do after a forced need to reinstall. Similarly, test out using=20
the DRA on encrypted files.

Another article of interest:
Best Practices for Encrypting File System
http://support.microsoft.com/?id=3D223316


--=20
Roger=20

"Alexandro Dario Pestana" > wrote in message =
...
> I bought a new Western Digital Caviar 250GB HD and I will use it to =
store
> drive image 2002 image files of my windows xp professional laptop and
> desktop system discs and Confidential information so I formatted the =
HD in
> NTFS file system my question is the following :
> - If I encript the contents of some folders with confidential =
information
> like password and other stuff and I have a system disaster that I need =
to
> make a clean installation of windows xp professional, is it possible =
to read
> again all the encripted files and non-encripted files in the 250GB HD
> formatted in the NTFS file system or I will loose access to them =
forever or
> I need to make again an account in windows xp professional with the =
same
> username and password in order to get again access to that files ??
>=20
> I read that NTFS is better than FAT32 because of file corruptions when =
power
> goes down or other stuff in that cases NTFS is more secure but I need =
to
> know if that security can not give a negative impact in my important =
data
> backups as I'm a system administrator and never tryed to encript files
> because the last HD for backups was formatted in FAT32.
>=20
> Thanks in advance , I will wait for your good answers to my question.
>=20
> DJ_Alex. - www.djalex.net - www.miradouro.net - msn messenger:
>
>=20
>

You can set up a bios password. When your computer is
booting up it will tell you a key to press to enter setup
(normally F2). When you enter the bios go to the security
tab and set a supervisor password and a user password.
Make them the same.after that press F10 and a password
prompt should come up before your pc boots.


>-----Original Message-----
>Please help me. I need to know what to do so no-one can
>open or use my computer when I'm not at home. How can I
>prevent them from opening windows to access my internet
or
>computer it self. Leaving town tonight need help A.S.A.P
>Please reply back. First time owning my computer.
>Thank You,
>Deborah
>.
>

If I don't encript any files in the NTFS HD and I make a fresh installation
of windows xp professional I will get access again to all files in the NTFS
volume without do anything special, right ?
Thanks.

Alexandro.

"Alexandro Dario Pestana" > wrote in message =
...
> If I don't encript any files in the NTFS HD and I make a fresh =
installation
> of windows xp professional I will get access again to all files in the =
NTFS
> volume without do anything special, right ?
> Thanks.
>=20
> Alexandro.
>=20
>=20

Yes, almost. But the recovery is simple and certain.
Things that were private, not accessible to built-ins=20
like Administators, may give a brief hurdle, and you=20
will need to take ownership of them. But doing this=20
is no problem. With EFS if you are not prepared=20
beforehand you may have some real pain. If you=20
are prepared, then EFS offers its advantages to you.

--=20
Roger=20

Thanks a lot for your help !

Alexandro Pestana, Student of systems and informatics engineering in
Portugal.

Thanks a lot for your help !

Alexandro Pestana, Student of systems and informatics engineering in
Portugal.

I'm using the EFS builted in Windows XP Professional.

Just to add a little here . . .

David Cross's all-and-everything paper on using EFS in XP=20
Data Protection and Recovery in Windows XP
http://microsoft.com/WINDOWSXP/pro/techinfo/administration/recovery
should be on your reading list if you are to use EFS.

I would recommend to you that :

You do define a recovery agent (DRA) and export and save=20
externally its cert/key, just as you will for your own account's=20
EFS cert/key. However, consider removing the DRA's private=20
decryption key from the system.

Rather than setting the entire drive to use EFS encryption,=20
set top level folders so that you may have an area that is=20
and an area that is not encrypted. This way, larger files=20
or ones that are unimportant, are executables, etc. can be=20
spared the encryption overhead. Notice that NTbackups=20
can be set to require a password for use.

Before you begin using EFS in earnest, experiment.
After your cert/key has been exported and saved externally,
try deleting it, which forces you to have to import it from=20
the external media. When you do this, you will be offered=20
to have a prompt when the decryption key is used. Do Not=20
select this - say to use it without prompts or EFS will not=20
work. This experiment simulates what you would have to=20
do after a forced need to reinstall. Similarly, test out using=20
the DRA on encrypted files.

Another article of interest:
Best Practices for Encrypting File System
http://support.microsoft.com/?id=3D223316


--=20
Roger=20

"Alexandro Dario Pestana" > wrote in message =
...
> I bought a new Western Digital Caviar 250GB HD and I will use it to =
store
> drive image 2002 image files of my windows xp professional laptop and
> desktop system discs and Confidential information so I formatted the =
HD in
> NTFS file system my question is the following :
> - If I encript the contents of some folders with confidential =
information
> like password and other stuff and I have a system disaster that I need =
to
> make a clean installation of windows xp professional, is it possible =
to read
> again all the encripted files and non-encripted files in the 250GB HD
> formatted in the NTFS file system or I will loose access to them =
forever or
> I need to make again an account in windows xp professional with the =
same
> username and password in order to get again access to that files ??
>=20
> I read that NTFS is better than FAT32 because of file corruptions when =
power
> goes down or other stuff in that cases NTFS is more secure but I need =
to
> know if that security can not give a negative impact in my important =
data
> backups as I'm a system administrator and never tryed to encript files
> because the last HD for backups was formatted in FAT32.
>=20
> Thanks in advance , I will wait for your good answers to my question.
>=20
> DJ_Alex. - www.djalex.net - www.miradouro.net - msn messenger:
>
>=20
>

You can set up a bios password. When your computer is
booting up it will tell you a key to press to enter setup
(normally F2). When you enter the bios go to the security
tab and set a supervisor password and a user password.
Make them the same.after that press F10 and a password
prompt should come up before your pc boots.


>-----Original Message-----
>Please help me. I need to know what to do so no-one can
>open or use my computer when I'm not at home. How can I
>prevent them from opening windows to access my internet
or
>computer it self. Leaving town tonight need help A.S.A.P
>Please reply back. First time owning my computer.
>Thank You,
>Deborah
>.
>

If I don't encript any files in the NTFS HD and I make a fresh installation
of windows xp professional I will get access again to all files in the NTFS
volume without do anything special, right ?
Thanks.

Alexandro.

"Alexandro Dario Pestana" > wrote in message =
...
> If I don't encript any files in the NTFS HD and I make a fresh =
installation
> of windows xp professional I will get access again to all files in the =
NTFS
> volume without do anything special, right ?
> Thanks.
>=20
> Alexandro.
>=20
>=20

Yes, almost. But the recovery is simple and certain.
Things that were private, not accessible to built-ins=20
like Administators, may give a brief hurdle, and you=20
will need to take ownership of them. But doing this=20
is no problem. With EFS if you are not prepared=20
beforehand you may have some real pain. If you=20
are prepared, then EFS offers its advantages to you.

--=20
Roger=20

So its better I read the helps for EFS and get rid of that function for
secure my homebanking passwords and other confidential stuff in my HD.
Thanks a lot Mr. Roger.

Alexandro Pestana. www.djalex.net - www.miradouro.net

That will work as long as the person does not know how to open the PC
case, and reset the BIOS, ie remove the CMOS battery and then
re-install it.

Ralph Malph

On Fri, 9 May 2003 07:08:40 -0700, "Alex" > wrote:

>You can set up a bios password. When your computer is
>booting up it will tell you a key to press to enter setup
>(normally F2). When you enter the bios go to the security
>tab and set a supervisor password and a user password.
>Make them the same.after that press F10 and a password
>prompt should come up before your pc boots.
>
>
>>-----Original Message-----
>>Please help me. I need to know what to do so no-one can
>>open or use my computer when I'm not at home. How can I
>>prevent them from opening windows to access my internet
>or
>>computer it self. Leaving town tonight need help A.S.A.P
>>Please reply back. First time owning my computer.
>>Thank You,
>>Deborah
>>.
>>

Thanks for your good help Mr. Roger, I will read that thing carefully.

Alexandro Pestana.