Re: remote DEcryption problem

From: Patrick Ferrito (MCSE) (pferrito@hotmail.com)
Date: 08/26/02


From: "Patrick Ferrito (MCSE)" <pferrito@hotmail.com>
Date: Mon, 26 Aug 2002 02:04:03 -0700


1)- Where is the shared folder located, i.e., on a domain
controller or just a server? If just a server, you have to
enable the 'trust for delegation' so that services can be
shared with it.

2)- NTFS volume where encryption is to be held must be
ver 5.0 (the default if O/S is installed from scratch).

3)- Install a Certificate Authority (from Add/Remove
Programs) on the server where encrypted files are to be
hosted. This will provide a central store for all EFS
certificates for users in your domain.

4)- Be sure that you have at least one EFS RECOVERY AGENT
(default is the Administrator)- found under the Domain
policies on a Domain controller. This is extremely
important...NO Domain Recovery Agent===NO Encryption..

5)- Be sure that you are fully using a domain
infrastructure (Win2000pro clients have a computer+user
a/c on the DC). This promotes automatic EFS certificate
enrolling into the CA without user intervention.

6)- Be sure that permissions to the shared folder are
sufficient--- to test, try to give full permissions to the
shared folder.

7)- If still nothing happens, try to create a new user
account - maybe the account you are using got corrupted.

8)- If you still cannot work, try local encryption on any
Win2000 pro PC (to avoid remote encryption). Also see if
the CA (Certificate Authority) adds an EFS certificate for
new users who log onto your domain with Win 2000pro.

9)- You should work with the above points in mind. Try a
new test scenario if you still cannot make EFS work.

10)- If EFS works, test and retest recovery of encrypted
files in the event of a disaster recovery. Also, add new
EFS recovery agents and 'export' the private key for
offsite decryption.

11)- GOOD LUCK - I am still hoping that my DEcryption
query be answered though !!!

>-----Original Message-----
>Hey, you have a better result than I do.................I am even unable to
>encrypt file on the server by a domain client (PC).
>
>Would u tell me how can u encrypt file remote on the server (like mapping a
>shared folder and encrypting file inside).
>
>Did u face any problem (e.g. slow logon at the first time to encrypt?)
>
>"Patrick Ferrito (MCSE)" <pferrito@hotmail.com> wrote in message
>news:760501c24cd4$3184ce00$37ef2ecf@TKMSFTNGXA13...
>> I have set up the following WIN2000 (SP3) scenario:-
>> - A Domain Controller (GC) with Certificate Authority inst.
>> - A shared folder on this server with full permissions.
>> - Configured Recovery Agents.
>>
>> When domain Win2000pro (SP3) pro clients connect to the
>> shared folder on this Domain Controller, user can 'encrypt
>> files/folders', 'delete encrypted files/folders' and 'copy
>> encrypted files/folders'. BUT when any domain Win2000pro
>> (SP3) client tries to DEcrypt HIS files/folders on this
>> shared folder, the Win2000 client hangs. So does the
>> WIN2000 Domain Controller. The server remains frozen for
>> about 10 minutes, after which continues working normally,
>> noting that 'lsass.exe' service increases its memory
>> usage. DEcryption works well if done locally on Win2000pro
>> PC.
>
>
>.
>


