LAN WORKSHOP TECHNICAL REPORT
The following report contains sufficient information and explanation about
the design as well as the required steps to implement the design of the solution provided.
(1) Briefly explain the Encrypted File Systems (EFS) and demonstrate how to use
EFS to encrypt a folder on Windows 7.
The EFS is a file system filter that provides file system (NTFS)-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer. Suppose that a folder C:EncryptedFiles has been created and all the users of the computer have full control on it. The folder can be encrypted by following the steps given below:
1. Right-click the C:EncryptedFiles folder and click Properties
2. In the Properties dialog box, click Advanced
3. To encrypt the folder, make sure the Encrypt contents to secure data checkbox is selected. Click OK to complete the setting
All files created by a user in this folder can then be opened by only the owner. Any attempts to access to these files from other users will be denied.
(2) Is it possible in Windows 7 to allow other users the ability to view/edit the contents of an encrypted file, if so how?
It is possible for users to access (view/edit) each other’s encrypted files with the permission of the owner. Suppose that two users have created encrypted files in the folder C:EncryptedFiles (Personal Information Exchange Certificate will be generated for the two users automatically). Then if one user what to give access to another user for one of his/her encrypted files, he/she can just right click that file and select Properties and in the Properties dialog box click Advanced/ Details. Click Add in the opened dialog box and select the user to whom the owner wants to give the access. The selected user can now view/edit the encrypted file. Fig. 2 Add user to access the file Fig. 3 Select a user to access the file
(3) Decrypt Encrypted Files on Windows 7
The computer Administrator can be configured as the agent to decrypt encrypted files by following the steps given below:
1. Login as Administrator
2. Go to Start/Run and type in cmd to open the console box.
At the prompt type cipher /r: and press enter. This prompt will then display: Please type in the password to protect your .PFX file: Please retype the password to confirm: After typing in the password and if no mistake occurring, the prompt will then display Your .CER file was created successfully. Your .PFX file was created successfully.
Fig.4 Generate the certificates
The .CER and .PFX files will be saved in the current directory that is shown at the command prompt. For example, if the command prompt displays C:UsersAdministrator>, the two files are just saved in the Administrator folder (Fig. 4).
3. At the console prompt type in certmgr.msc and this will open a dialog box to launch the Certificates Manager. Navigate to Personal and right click on the folder and select All Tasks/Import (Fig. 5). The Certificate Import Wizard will appear (Fig.
6). Click Next. Browse to the C:UsersAdministrator folder In the Open dialog box, change the Files of Type (at the bottom) to personal Information Exchange (*.pfx,*.P12). Select the file fileName.pfx and click Open (Fig. 7a). Click Next to import the certificate (Fig. 7b). Type in your password (leave the first two checkboxes blank and the third checked as shown in) and click Next (Fig. 8). Make sure the Radio button is active for the first option (Automatically select the certificate store based on the type of certificate, Fig. 9a). Click Next. Click Finish. (You’ll receive a message that the import was successful).
Fig. 5 Import the Certificate
Fig. 6 File to import
Fig. 7a Select the certificate file
Fig. 7b Import the certificate file
Fig. 8 Key in the password
(a)
(b)
Fig. 9 Complete the certificate import
4. At the console prompt type in secpol.msc and click OK. This will launch the Local Security Policy (Fig. 10). Expand the Public Key Policies folder and then right click on the Encrypted File System subfolder and select Add Data Recovery Agent
(Fig. 11). The Wizard will then display (Fig. 12). Click Next. Click the Browse button. Browse to the C:UsersAdministrator folder. Select the certificate file and click Open. (Fig. 13), the wizard will display the status User_Unknown. That’s ok. Click
Next. Click Finish (Fig. 14). You will see a new entry in the right side column. Close the Local Security Policy.
You, the Administrator are now configured as the default Recovery Agent for all encrypted files that are afterwards created, saved or just re-opened in the C:EncryptedFile.
Fig. 10 Local Security Policy
Fig. 11 Select Encrypt File System
Fig. 12 Add Recovery Agent Wizard
Fig. 13 Select the certificate file
(a)
(b)
Fig. 14 Select Recovery Agents
The post LAN WORKSHOP TECHNICAL REPORT appeared first on My Assignment Online.