Does EFS protect network shares? (70-642 certification question)

A question from a reader:

Hi,
first of all thanks a lot for your help and sorry for my English.
I bought your book in order to get the 70-642 certification, I have just finished it and maybe next week I will take the exam.
There is a thing I can't understand about EFS, so let me explain it to you.
In Chapter 11, Lesson 1, page 517 you said:
How to share files Protected with EFS
“If you need to share EFS-protected files with other users on your local computer, you need to add their encryption certificates to the file. You do not need to follow these steps to share files across a network; EFS only affects files that are accessed on the local computer because Windows automatically decrypts files before sharing them”
From your words I understand that EFS doesn't affect through shared folders and any user who has NTFS permissions to read the file will be able to read it instead it is encrypted with EFS if this user accesses the file through a network share, not in local.
Later, in the Q&A section, page 524, Question number 2. The answer is D and the answer, page 618 says:
“EFS affects only users who access files locally. Therefore, because the user is connecting across the network, you do not need to make any changes.”
I still understand the same, through network connection there is no EFS protection.
But later, I began the Practice Test included in the CD and there is a question whose answer tells exactly the opposite. I made a capture of the question.
“EFS does protect files that are accessed across the network, providing an additional layer of protection to NTFS permissions.”
Maybe I'm making a mistake but I preferred to try to ask you where is the mistake, because I always thought that EFS does protect from users without the right certificate to read the files.
Thanks a lot for your help and for all the content of the book which has helped me to study for this exam.
Best regards.
And my response:
Sorry for the mistake. C is the only correct answer. The explanation is wrong–as the book says, EFS does nothing to protect files from network access.
I’ll send a note to the editors to add this to the errata! Thanks for letting me know.
Posted in Certifications, Reader Questions, Security by Tony Northrup.

About Tony Northrup

Tony Northrup, MVP, MCITP, MCPD, MCSE, MCTS, and CISSP, is a Windows consultant and author living in Waterford, Connecticut, in the United States. Tony started programming before Windows 1.0 was released, but has focused on Windows administration and development for the last fifteen years. He has written more than two dozen books covering Windows development, networking, and security. Among other titles, Tony is coauthor of the Windows 7 Resource Kit, the Windows Vista Resource Kit, and Windows Server 2008 Networking and Network Access Protection (NAP). When he's not writing, Tony enjoys photography, travel, and being awesome. Tony lives with his girlfriend, Chelsea, her daughter, Madelyn, and three dogs. You can learn more about Tony by visiting his personal website at http://www.northrup.org and his photography portfolio at http://northrupphotography.com.

3 thoughts on “Does EFS protect network shares? (70-642 certification question)”

  1. So, let me re-iterate it clearly. Correct me if I am wrong:

    FIRST choice from the TOP: WRONG! The attacker has gained access to an exposed console and can read all EFS-encrypted files.

    SECOND choice from the TOP: WRONG! To install a keylogger, access to registry (SYSTEM hive) is required. EFS may not protect registry.

    THIRD choice from the TOP: CORRECT! EFS-encrypted files are well protected against offline attack. Attacker will get nothing but a heap of indecipherable junk!

    FOURTH choice from the TOP: WRONG! “EFS only affects files that are accessed on the local computer because Windows automatically decrypts files before sharing them.”

    • Doh, you’re right. EFS doesn’t protect against changing system files, which was actually the point of that distractor. As the explanation points out, BitLocker does, EFS does not.

      I tricked myself with that question :).

      I’m updating the article to avoid future confusion. Thanks for letting me know.

  2. Glad I found this. I was very frustrated when I got this question wrong. Now I know I was correct and EFS does not protect files over the network.
