Re: remote DEcryption problem

From: Mandy (mmmandy@hotmail.com)
Date: 08/26/02


From: "Mandy" <mmmandy@hotmail.com>
Date: Mon, 26 Aug 2002 17:28:05 +0800


God bless you that someone can answer your problem
"Patrick Ferrito (MCSE)" <pferrito@hotmail.com> wrote in message
news:858a01c24cdf$866d1930$3aef2ecf@TKMSFTNGXA09...
> 1)- Where is the shared folder located, i.e., on a domain
> controller or just a server? If just a server, you have to
> enable the 'trust for delegation' so that services can be
> shared with it.
>
> 2)- NTFS volume where encryption is to be held must be
> ver 5.0 (the default if O/S is installed from scratch).
>
> 3)- Install a Certificate Authority (from Add/ Remove
> programs) on the server where encrypted files are to be
> hosted. This will provide a central store for all EFS
> certificates for users in your domain.
>
> 4)- Be sure that you have at least one EFS RECOVERY AGENT
> (default is the Administrator)- found under the Domain
> policies on a Domain controller. This is extremely
> important...NO Domain Recovery Agent===NO Encryption..
>
> 5)- Be sure that you are fully using a domain
> infrastructure (Win2000pro clients have a computer+user
> a/c on the DC). This promotes automatic EFS certificate
> enrolling into the CA without user intervention.
>
> 6)- Be sure that permissions to the shared folder are
> sufficient--- to test, try to give full permissions to the
> shared folder.
>
> 7)- If still nothing happens, try to create a new user
> account - maybe the account you are using got corrupted.
>
> 8)- If you still cannot work, try local encryption on any
> Win2000 pro PC (to avoid remote encryption). Also see if
> the CA (Certificate Authority) adds an EFS certificate for
> new users who log onto your domain with Win 2000pro.
>
> 9)- You should work with the above points in mind. Try a
> new test scenario if you still cannot make EFS work.
>
> 10)- If EFS works, test and retest recovery of encrypted
> files in the event of a disaster recovery. Also, add new
> EFS recovery agents and 'export' the private key for
> offsite decryption.
>
> 11)- GOOD LUCK - I am still hoping that my DEcryption
> query be answered though !!!
>
>
>
> >-----Original Message-----
> >Hey, you have a better result than I do.................I am even unable to
> >encrypt file on the server by a domain client (PC).
> >
> >Would you tell me how can you encrypt file remote on the server (like mapping a
> >shared folder and encrypting file inside).
> >
> >Did you face any problem (e.g. slow logon at the first time to encrypt?)
> >
> >"Patrick Ferrito (MCSE)" <pferrito@hotmail.com> wrote in message
> >news:760501c24cd4$3184ce00$37ef2ecf@TKMSFTNGXA13...
> >> I have set up the following WIN2000 (SP3) scenario:-
> >> - A Domain Controller (GC) with Certificate Authority inst.
> >> - A shared folder on this server with full permissions.
> >> - Configured Recovery Agents.
> >>
> >> When domain Win2000pro (SP3) pro clients connect to the
> >> shared folder on this Domain Controller, user can 'encrypt
> >> files/folders', 'delete encrypted files/folders' and 'copy
> >> encrypted files/folders'. BUT when any domain Win2000pro
> >> (SP3) client tries to DEcrypt HIS files/folders on this
> >> shared folder, the Win2000 client hangs. So does the
> >> WIN2000 Domain Controller. The server remains frozen for
> >> about 10 minutes, after which continues working normally,
> >> noting that 'lsass.exe' service increases its memory
> >> usage. DEcryption works well if done locally on Win2000pro
> >> PC.
> >
> >
> >.
> >
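
The checklist quoted above can be turned into a short pre-flight script. This is an added example, not code from the thread. It assumes a current Windows domain client with PowerShell and the RSAT ActiveDirectory module rather than the Windows 2000 tools the posters used, and `FILESRV01` and `\\FILESRV01\share` are placeholder names.

```powershell
# Added example: pre-flight checks for remote EFS, following the quoted checklist.
# Assumptions: domain-joined client, RSAT ActiveDirectory module installed,
# placeholder server and share names supplied below.
param(
    [string]$FileServer = 'FILESRV01',          # hypothetical file server
    [string]$SharePath  = '\\FILESRV01\share'   # hypothetical share on it
)

Import-Module ActiveDirectory

# Checklist item 1: remote EFS needs the server's computer account
# to be trusted for delegation.
$computer = Get-ADComputer -Identity $FileServer -Properties TrustedForDelegation
"Trusted for delegation : $($computer.TrustedForDelegation)"

# Checklist items 5 and 8: for the local-encryption test, look for a
# certificate carrying the Encrypting File System EKU in the user's store.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $found = $false
    foreach ($ext in $_.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($eku in $ext.EnhancedKeyUsages) {
                if ($eku.Value -eq $EfsOid) { $found = $true }
            }
        }
    }
    $found
}
"Local EFS certificates : $(@($efsCerts).Count)"

# Checklist items 6 and 10: round-trip a constructed probe file on the share
# and time both directions, since the thread reports decryption stalling.
$probe = Join-Path $SharePath ("efs-probe-{0}.txt" -f [guid]::NewGuid())
Set-Content -Path $probe -Value 'constructed test data'
try {
    $enc = Measure-Command { [System.IO.File]::Encrypt($probe) }
    # Checklist item 4: cipher /c lists who can decrypt the file,
    # including any recovery certificates attached to it.
    cipher /c $probe
    $dec = Measure-Command { [System.IO.File]::Decrypt($probe) }
    "Encrypt: {0:N1}s  Decrypt: {1:N1}s" -f $enc.TotalSeconds, $dec.TotalSeconds
}
finally {
    Remove-Item -Path $probe -ErrorAction SilentlyContinue
}
```

Run it as the affected domain user; watching `lsass.exe` memory on the server while the decrypt step runs captures the symptom described in the original message.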


