Re: EFS File Copy Decrypts files. How can this be avoided?



XCOPY /G will force the move of encrypted files to a location that may not
support encryption. Miha is correct that the file must be decrypted for
travel across the wire. If your issue was with security in transit then
WEBDAV would be a viable solution; since WEBDAV supports the use of SSL, all
content would be encrypted on the wire. However, from what I have read, your
only issue is the latency produced by the decryption and re-encryption of the
files. Unfortunately the only way you are going to avoid this is via
imaging software such as Ghost. Using Ghost you can image the data and
restore fully encrypted. However, as Miha mentioned, you will need to make
sure that the user's key is transferred over to the destination machine. If it
is not, then they will be denied access. Using the Cipher /R command you can
generate a .pfx file of the user's certificate on the source machine and
import it onto the destination machine, thus allowing access. Either way you
are looking at additional overhead.

Good Luck!
--
David Davis [MCSE, CCNA, Security +]



"Miha Pihler [MVP]" wrote:

> When copying over the network is it just slow -- or it doesn't work at all?
> I am not sure from your last post? If it doesn't work at all -- how does it
> fail? What is end result?
>
> One big difference in this case is that when copying to e.g. external drive
> (e.g. USB) it is still same computer that holds the keys -- so the operation
> is quite simple...
> When copying over the network -- the end server needs to have the keys too
> to be able to encrypt the file in your name (and the computer must be
> "trusted for delegation") ...
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Talon" <Talon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:673EF130-80F5-4ACF-AAB5-6FA0C89394AB@xxxxxxxxxxxxxxxx
> > >:)
> > I have performed extensive testing on this. I can copy an encrypted file
> > from Laptop#1 to a drive popped out of a laptop#2 that has encryption as
> > well (not folders but files) in a USB Bay or Drive bay.
> > The mass file copies move just as fast as prior to EFS. This is not true
> > if I perform the same over the network, or via crossover connectivity.
> > The text on this may not be accurate or up to date.
> > Again...
> > I have two laptops both supporting encryption with private keys and such.
> > Folders are NOT set to encrypt, it's actually a policy and app that is
> > performing the EFS.
> > Copying to the drive in a USB Drive enclosure works, copying to the drive
> > in a Selectbay works.
> > Copying over network or crossover connectivity doesn't.
> > I challenge you all to try it.
> >
> >
> >
>
>
>
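
Added example, not part of the original thread: a PowerShell check to run after any of the copy methods discussed above (XCOPY /G, a network copy, or an image restore) that lists files which were EFS-encrypted at the source but are missing or stored without the Encrypted attribute at the destination. The function name and the paths in the usage comment are hypothetical.

```powershell
# Added example: audit a finished copy for files that lost EFS encryption.
# Reads file attributes only; it never opens or decrypts file contents.
function Get-EfsCopyLoss {
    param(
        [Parameter(Mandatory = $true)] [string] $SourceRoot,
        [Parameter(Mandatory = $true)] [string] $DestinationRoot
    )

    $encrypted = [int][System.IO.FileAttributes]::Encrypted
    $srcFull   = (Resolve-Path -LiteralPath $SourceRoot).ProviderPath
    $dstFull   = (Resolve-Path -LiteralPath $DestinationRoot).ProviderPath
    $srcPrefix = $srcFull.TrimEnd('\')

    Get-ChildItem -LiteralPath $srcFull -Recurse -File -Force | ForEach-Object {
        # Only files that are EFS-encrypted at the source are of interest.
        if (([int]$_.Attributes -band $encrypted) -eq 0) { return }

        # Map the source file to the same relative path under the destination.
        $relative = $_.FullName.Substring($srcPrefix.Length).TrimStart('\')
        $target   = Join-Path -Path $dstFull -ChildPath $relative

        $status = if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            'MissingAtDestination'
        } elseif (([int][System.IO.File]::GetAttributes($target) -band $encrypted) -eq 0) {
            # Copied, but written without the Encrypted attribute
            # (for example a FAT target, or a copy made with XCOPY /G).
            'StoredAsPlaintext'
        } else {
            'StillEncrypted'
        }

        [pscustomobject]@{ File = $relative; Status = $status }
    }
}

# Usage (hypothetical paths): show only the files that need attention.
# Get-EfsCopyLoss -SourceRoot 'C:\Data' -DestinationRoot '\\server\share\Data' |
#     Where-Object { $_.Status -ne 'StillEncrypted' }
```

A 'StillEncrypted' result only confirms the attribute is set at the destination; it does not show whose key the file was encrypted with or whether the user can open it there.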