Windows EFS Verification Experiment

Note: This is an assignment in the class. The conclusions may not be correct. You are welcome to leave a comment to correct it.

In Windows, use the EFS service to implement or verify the following functions:
1. Use EFS to encrypt files or folders
2. EFS encryption is located at the file system layer, with high encryption and decryption efficiency.
3. The file encrypted by account A for EFS cannot be opened by account B Unless shared
4. the folder encrypted by account A for EFS cannot be opened by account B Unless shared
5. other users can read, execute, or delete the encrypted file only after it is shared.
6. After EFS-encrypted files in the NTFS Volume are transferred to the USB drive, security will not be affected.
7. Transferring unencrypted files to encrypted folders improves security

Note: Steps for sharing EFS after Encryption
1) Right-click the encrypted file to be shared and select the "properties" command to open the file Properties dialog box.
2) on the "General" tab, click the "advanced" button to open the "Advanced properties" dialog box, and then click the "details" button, in the new dialog box, click "add" to add an EFS certificate for another user, and then click "OK.

A:

Verification Experiment:

The procedure is as follows: create a virtual machine for the Microsoft Windows XP Professional with SP3 operating system on VMWare Player (select the disk file format as NTFS when installing the operating system) and create two users respectively, use these two users to create some files and folders, encrypt them, add "users who can access this file transparently" to some files as needed, and then switch users, perform some file and folder operations to verify the above problem. In addition, connect to the USB flash drive of different file system formats (if there is only one USB flash drive, you can divide it into multiple partitions. When formatting, select different file formats. After the experiment ends, delete the partitions and then merge the partitions) verify the experiment of the effect of the USB flash disk on EFS encryption on the virtual machine.

Conclusion:

1) Correct. After the file or folder is encrypted by EFS, the file name or folder name in resource manager is displayed in green;
2) correct. We can see from the name that EFS should be on the file system layer. ntfs efs encryption is more efficient than FAT32 encryption;
3) correct. You can add a user certificate to "users who can access this file transparently" for sharing;
4), error. Account B is free to open, rename, copy, and delete the account a encrypted folder and Its subfolders (including recursive subfolders, the same below ), however, files in folders and subfolders cannot be copied during replication. Only the directory structure is copied, And the copied folders and subfolders are encrypted;
5). the encrypted files cannot be read and executed by unshared users, but can be moved, deleted, renamed, and cannot be copied;
6). Error: If the USB flash drive is in FAT32 format, copying or moving files will lose the encryption information (the resource manager will prompt). If the USB flash drive is in NTFS format, encryption information can be retained. If the USB flash drive is in another file system format, it is not verified, but theoretically it is the same as FAT32;
7). correctly, unencrypted files are automatically encrypted when they are moved to an encrypted folder, and folders are also encrypted. After encryption, the file access and execution permissions are executed to move (or may be copied) is irrelevant to the folder encryptor.

Questions:
Based on the experiment and thinking, briefly summarize the shortcomings of the EFS Service

A:
1) In essence, EFS only encrypts files, and does not provide real security for folder encryption (personal opinion). At the same time, the files in the encrypted folder can be unique, such freedom may be difficult to manage;
2) the file is not completely encrypted, and the file cannot be deleted, moved, or renamed. To some extent, this is also caused by the extremely thin folder encryption.
3) EFS encryption (in theory) can only be used in NTFS file systems, with great limitations.
4) due to the EFS encryption principle, files encrypted by EFS can only be accessed by the encryption account on the encrypted domain and host (read, write, and execute, the same below), that is, the encrypted file cannot be accessed through the USB flash drive in other domains and hosts, which causes great inconvenience in file communication.
5) the EFS encryption principle has also led to the fact that after the operating system is reinstalled, even the original account name cannot be accessed. Therefore, EFS encryption has a certain "deadlock" risk.

Supplement: When files are encrypted on Windows 7 Ultimate with SP1 (32 bit) on the host machine, the operating system will prompt you to back up the encryption certificate, which should be an improvement measure for the above 4) and 5.