From a Lockergnome reader:
I evaluated EFS back when it was introduced in Windows 2000, and it has one MAJOR hole that, at least for the initial release of Windows XP Embedded, Microsoft had not addressed. I have seen at least some reports that it might have been fixed, but I wanted to pass on the information anyway.
When using EFS, Windows uses a symmetric algorithm and encrypts that key using that user’s certificate. It also saves a copy of that key in the local Administrator account.
With a bootable floppy capable of resetting the local Administrator account, such as the one here, those encrypted files are easily compromised.
[tags]efs,xp embedded,symmetric algorithm,boot disk[/tags]