Penetration Testing mailing list archives

RE: Windows 2000 Offline Files on a Laptop

From: "Jonah Kowall" <jkowall () psteering com>
Date: Fri, 24 May 2002 10:53:31 -0400

I know they are encrypted.  If you change the users password, then you
are an admin.  Administrators have access to encrypted files.

-----Original Message-----
From: Johann van Duyn [mailto:Johann_van_Duyn () bat com] 
Sent: Friday, May 24, 2002 5:52 AM
To: pen-test () securityfocus com
Subject: Windows 2000 Offline Files on a Laptop

Hi there...

Has anyone on the list ever hacked away at a laptop machine 
with Windows 2000 Offline Folders? Are these folders 
encrypted at all, and if I were to reset the user's password 
and then log in, would that give me access to the folders? 
Any other concerns? I am trying to assess the risks involved 
in the possible use of offline folders by our mobile workforce.

Thanks!

-----------------------------------------
Johann van Duyn, CISSP
IT Risk and Security Manager: British American Tobacco South 
Africa Stellenbosch, South Africa Tel. +27 (21) 8883765 Cel. 
+27 (82) 4588472 Fax. +27 (21) 8838692
E:mail: johann_van_duyn () bat com
-----------------------------------------
"Technology is dominated by two types of people: those who 
understand what they do not manage, and those who manage what 
they do not understand."

-- Anonymous

Confidentiality Notice: The information in this document and 
attachments is confidential and may also be legally 
privileged. It is intended only for the use of the named 
recipient. Internet
communications are not   secure and therefore British American
Tobacco does not accept legal responsibility for the contents 
of this message. If you are not the intended recipient,please 
notify us immediately and then delete this document. Do not 
disclose the contents of this document to any other person, 
nor take any copies. Violation of this notice may be unlawful.

--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus Security 
Intelligence Alert (SIA) Service. For more information on 
SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Windows 2000 Offline Files on a Laptop Johann van Duyn (May 24)
- <Possible follow-ups>
- RE: Windows 2000 Offline Files on a Laptop Jonah Kowall (May 24)