Re: File ENcryption Problem Detail

From: Drew Cooper [MS] (dcoop@online.microsoft.com)
Date: 08/29/02


From: "Drew Cooper [MS]" <dcoop@online.microsoft.com>
Date: Wed, 28 Aug 2002 19:43:02 -0700


We could not reproduce your issue in our lab. I have no idea what's really
happening on your machine or how to get another machine into a similar
state.

DCs are trusted for delegation. This means that they are enabled to be
servers for remote EFS. Not that it's good policy to use your DCs for file
servers, mind you. ;-)

If you're logged on to the DC locally, can you encrypt any files?
While the machine hangs, what process is the CPU hog?

--
Drew Cooper [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mandy" <mmmandy@hotmail.com> wrote in message
news:#QkxxkWTCHA.3620@tkmsftngp08...
> For my testing, I guess something has conflict between the local recovery
> policy and domain recovery policy.
>
> In addition, I guess domain controller does not support encryption by
> other machine.
>
> "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> news:#u1xzJVTCHA.4136@tkmsftngp08...
> > Will forward this to our testers for a repro. I believe there are more
> > details you need to give. We do have Win2K server running EFS here. Can
> > you think of anything that might help us to repro?
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> >
> > Robert Gu [MS Security Developer]
> > "Mandy" <mmmandy@hotmail.com> wrote in message
> > news:uIdntnwSCHA.1648@tkmsftngp08...
> > > Here is the detail:
> > >
> > > A user wants to encrypt a file in a drive, the drive is mapped from a
> > > shared folder on the server.  When user tries to encrypt the file, the
> > > server hangs and the user's PC has shown "processing".
> > >
> > > There is nothing being modified in the recovery agent.  Therefore,
> > >
> > > Server - there is one local recovery agent in the local security policy
> > > and one domain recovery agent defined in the domain security policy.
> > > PC - there is one local recovery agent is defined locally and one domain
> > > recovery agent is defined by the domain controller (this domain recovery
> > > agent has the same certificate ID in the domain recovery agent in the
> > > server).
> > >
> > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > news:#xfCHjwSCHA.3720@tkmsftngp08...
> > > > Robert,
> > > >
> > > > Nothing is encrypted on the server or client PC (I have implemented
> > > > this scenario in the testing environment, which has the clean
> > > > installation of server and professional).
> > > >
> > > > I just wonder is it possible to do encryption on server by client PC?
> > > >
> > > > Mandy
> > > >
> > > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > > news:eBiwo0sSCHA.2412@tkmsftngp13...
> > > > > Encryption should not cause hang. Local recovery agent should not
> > > > > affect the recovery policy. Is the %temp% on the server marked as
> > > > > encrypted? Can you provide more detailed repro steps?
> > > > >
> > > > > --
> > > > > This posting is provided "AS IS" with no warranties, and confers no
> > > > > rights.
> > > > >
> > > > > Robert Gu [MS Security Developer]
> > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > news:#EAbVooSCHA.1880@tkmsftngp13...
> > > > > > Hi everyone,
> > > > > >
> > > > > > Would you please give me a help.  Here is the situation.
> > > > > >
> > > > > > Environment:
> > > > > > - Windows 2000 Server promoted to a Domain Controller (Server), and
> > > > > >   domain computer (PC).
> > > > > > - A shared folder is created on Server such that user can map the
> > > > > >   shared folder as a Drive
> > > > > >
> > > > > > Problem: Domain User using PC encrypts the shared file on Server such
> > > > > > that the server will hang.
> > > > > >
> > > > > > Resolution has done:
> > > > > > - I have tried this scenario many many times in the testing
> > > > > >   environment, but the same problem occurs.
> > > > > > - I have tried to use roaming profile.
> > > > > > - Domain User accounts are not marked as "sensitive and cannot be
> > > > > >   delegated" this is following the instruction from MS White Paper.
> > > > > >
> > > > > > Question: I just wonder how to encrypt a file on a server/domain
> > > > > > controller. Or is it possible?
> > > > > >
> > > > > > After a few tries on the testing environment, it works fine when I
> > > > > > deleted the local recovery agent on the server.  Will that be the
> > > > > > cause of the problem?
> > > > > >
> > > > > > Man
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: Event ID 6032
    ... I made sure I have the recovery agent "Administrator" certificate installed ... to encrypt, you should just be able to un-click the box to decrypt. ... and import the recovery agent certificate from the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: File ENcryption Problem Detail
    ... A user wants to encrypt a file in a drive, the drive is mapped from a shared ... When user tries to encrypt the file, the server is ... There is nothing being modified in the recovery agent. ... PC - there is one local recovery agent is defined locally and one domain ...
    (microsoft.public.win2000.security)
  • Remote Desktop Connection does not encrypt with ipsec
    ... I would like to encrypt the rdc connection for terminal services with an ... ipsec connection to make it more secure. ... I have set up a Policy on the terminal server with an ip ...
    (microsoft.public.win2000.security)
  • Re: Event ID 6032
    ... see who is the recovery agent by opening the properties of an encrypted file ... decrypt the files by reversing the process in which you encrypted them. ... to encrypt, you should just be able to un-click the box to decrypt. ... and import the recovery agent certificate from the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: File ENcryption Problem Detail
    ... Will forward this to our testers for a repro. ... We do have Win2K server running EFS here. ... When user tries to encrypt the file, ... > There is nothing being modified in the recovery agent. ...
    (microsoft.public.win2000.security)