0

Example situation:

  1. You have an external USB hard drive with a folder D:\Work\ encrypted with EFS, and you want to copy a few files from it to your colleague Bob's computer

  2. You plug the external USB hard drive on his computer

  3. You open the .pfx file on his computer, unlocking the files (Should I use the .pfx file created while encrypting or another file?)

  4. You can copy the data to Bob's computer, and even uncheck the Encrypt contents to secure data on his computer, thus he will be able to use the file even if he doesn't have the encryption key anymore

  5. Once the files are copied, you don't want Bob to keep full access to your hard drive anymore (especially D:\Private\), how to remove the authorization granted when opening the .pfx file on Bob's computer?

How to handle such a situation?

Of course, a power user could have a mechanism to copy secretly the PFX file (in the same way a power user could have a key logger when you enter a password). But still, removing the authorization granted by a PFX file could prevent all non-power-users to have the data if they just plug the disk on their computer. That's enough for my requirements.

Basj
  • 2,143

1 Answers1

0

Here is what I did:

  1. Launch

    certmgr.msc

enter image description here

  1. Go to Personal > Certificates, and delete the certificate that has been used (the Role column should display EFS Encrypted file system).

  2. Reboot the computer. If you don't reboot, the files on the external USB hard drive will still be accessible, even if you did the step 2. (I did a test and I can confirm).

Basj
  • 2,143