Pro/Server – 1/28/2008
Today we caught ourselves up with a good study of Chapters 3, 4 and 5 — covering disks and file systems; device and peripheral management; and user experience management and configuration.
One area I didn’t cover much in class that I feel does deserve some study time is the encryption capabilities of Windows XP. Encryption (EFS) keeps honest people honest — so if you don’t have a certificate (by way of proper logon credentials), you don’t get access to an encrypted file. As mentioned before, encrypting a file does nothing if you simply stay logged into your client machine. Anyone who walks up to your logged-on machine can then access the file.
But what happens if you encrypt something and then leave the company?
If a certificate is deleted or otherwise inaccessible, a person designated as a Recovery Agent will be responsible for “unlocking” the file. Best practice dictates that the encrypted file be sent to the recovery agent to be decrypted — don’t expect the Recovery Agent to bring their own key to your computer; it probably won’t happen. What’s really important to point out here is: the recovery agent must be designated before EFS is used on a file! Otherwise, you’re up a creek.
Homework:
- Chapter Three: Review Questions; Scenario 3-2
- Chapter Four: Review Questions
- Chapter Five: Review Questions; Scenario 5-1