Encrypting File System

The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

The most widely accepted solution to this is to store the files encrypted on the physical media (disks, USB pen drives, tapes, CDs and so on).

Any non-domain-joined Windows 2000 computer will be susceptible to unauthorized EFS decryption by anyone who can take over the local Administrator account, which is trivial given many tools available freely on the Internet.

If an attacker gains physical access to the Windows 2000 computer and resets a local user account's password,[7] the attacker can log in as that user (or recovery agent) and gain access to the RSA private key which can decrypt all files.

This is because the backup of the user's RSA private key is encrypted with an LSA secret, which is accessible to any attacker who can elevate their login to LocalSystem (again, trivial given numerous tools on the Internet).

This means that an attacker who can authenticate to Windows XP as LocalSystem still does not have access to a decryption key stored on the PC's hard drive.

Once a user is logged on successfully, access to their own EFS-encrypted data requires no additional authentication; decryption happens transparently.

Windows can store versions of user account passphrases with reversible encryption, though this is no longer default behaviour; it can also be configured to store (and will by default on the original version of Windows XP and lower) Lan Manager hashes of the local user account passphrases, which can be attacked and broken easily.

To mitigate the threat of trivial brute-force attacks on local passphrases, older versions of Windows need to be configured (using the Security Settings portion of Group Policy) to never store LM hashes, and of course, to not enable Autologon (which stores plaintext passphrases in the registry).[8]

Anyone who can gain Administrator access can overwrite, override or change the Data Recovery Agent configuration.

This is a very serious issue, since an attacker can for example hack the Administrator account (using third-party tools), set whatever DRA certificate they want as the Data Recovery Agent and wait.
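The article names the mitigations (no stored LM hashes, no Autologon) and the risk of a silently swapped Data Recovery Agent, but does not show how a defender would verify any of them on a machine. The following PowerShell audit script is an added example, not code from the article or from Microsoft; it is read-only and should be run in an elevated session. The NoLMHash and Winlogon registry locations are the documented Windows ones. The path HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\EFS\Certificates for the local EFS recovery policy, and the assumption that its subkeys are named by certificate thumbprint, are my assumptions, and the expected DRA thumbprint is a placeholder to be replaced with your own.

```powershell
# Added example (not from the article): read-only audit of the local settings
# the text discusses. Run in an elevated PowerShell session on the machine
# being checked. Nothing here changes configuration or prints secrets.

function Get-RegValue {
    # Returns the registry value, or $null if the key or value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# 1. LAN Manager hash storage. NoLMHash = 1 stops LSA storing LM hashes of local
#    account passphrases; a missing value is treated as the insecure legacy default.
$noLmHash = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'NoLMHash'
$lmOk = ($noLmHash -eq 1)
$findings += [pscustomobject]@{
    Check  = 'LM hash storage'
    Status = if ($lmOk) { 'OK' } else { 'WEAK' }
    Detail = if ($lmOk) { 'NoLMHash=1, LM hashes are not stored' }
             else { 'NoLMHash missing or 0; enable "Do not store LAN Manager hash value" in Security Settings' }
}

# 2. Autologon. AutoAdminLogon = "1" and/or a DefaultPassword value means a
#    plaintext passphrase is sitting in the registry. The value itself is never printed.
$winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$autoAdmin = Get-RegValue $winlogon 'AutoAdminLogon'
$defaultPw = Get-RegValue $winlogon 'DefaultPassword'
$autoWeak  = ($autoAdmin -eq '1') -or ($null -ne $defaultPw)
$findings += [pscustomobject]@{
    Check  = 'Autologon'
    Status = if ($autoWeak) { 'WEAK' } else { 'OK' }
    Detail = if ($autoWeak) { 'AutoAdminLogon enabled and/or DefaultPassword present; remove both' }
             else { 'Autologon not configured' }
}

# 3. Data Recovery Agent. List the recovery certificates in local EFS policy and
#    compare them with the single DRA you expect. ASSUMPTION: this policy key and
#    thumbprint-named subkeys; PLACEHOLDER thumbprint must be replaced.
$efsPolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\EFS\Certificates'
$expectedDra = 'PLACEHOLDER-THUMBPRINT-OF-APPROVED-DRA'
$thumbprints = @(Get-ChildItem -Path $efsPolicy -ErrorAction SilentlyContinue |
                 ForEach-Object { $_.PSChildName })
if ($thumbprints.Count -eq 0) {
    $draStatus = 'INFO'; $draDetail = 'No recovery agent in local EFS policy'
} elseif ($thumbprints.Count -eq 1 -and ($thumbprints -contains $expectedDra)) {
    $draStatus = 'OK';   $draDetail = 'Only the approved DRA certificate is configured'
} else {
    # Any extra or unknown DRA is exactly the silent substitution the text warns about.
    $draStatus = 'WEAK'; $draDetail = 'Unexpected DRA certificate(s): ' + ($thumbprints -join ', ')
}
$findings += [pscustomobject]@{ Check = 'EFS recovery agent'; Status = $draStatus; Detail = $draDetail }

$findings | Format-Table -AutoSize
```

The script reports rather than remediates, because the fixes belong in Group Policy (the Security Settings the article points to) where they will not be silently undone by a local edit; a WEAK line on the recovery-agent check is the signal to compare the listed thumbprint against the certificate your organisation actually issued.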

If such a malicious insider can gain physical access to the computer, all security features are to be considered irrelevant, because they could also install rootkits, software or even hardware keyloggers etc.

Accessing encrypted files from outside Windows with other operating systems (Linux, for example) is not possible, not least because there is currently no third-party EFS component driver for them.

This led to the coining of the term "delayed recycle bin" to describe the seeming inevitability of data loss if an inexperienced user encrypts his or her files.

Operation of Encrypting File System