Re: File Encryption Problem Detail

From: Mandy (mmmandy@hotmail.com)
Date: 08/30/02


From: "Mandy" <mmmandy@hotmail.com>
Date: Fri, 30 Aug 2002 10:50:52 +0800


In addition, when you encrypt remotely (client to server), which user's account
is used?
The domain administrator account?

This may be the cause of the problem, because the DC may not allow a normal user
account to create a profile on the DC.

"Drew Cooper [MS]" <dcoop@online.microsoft.com> wrote in message
news:uOljqU5TCHA.1864@tkmsftngp12...
> Yes. We have a clean install of Win2k SP3 on both a DC and a client joined
> to its domain. We can encrypt remotely (client to server, of course).
> If you have taskman running, showing the big CPU users, then repro, you
> should see what's grinding away. This is not a very fine-grained approach,
> I'm afraid. If we could repro in our lab, we could debug it. Not sure what
> to do in this case unless we can see what's happening.
>
> Are there any clues in the event viewer after you've rebooted the hung
> machine?
> --
> Drew Cooper [MS]
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Mandy" <mmmandy@hotmail.com> wrote in message
> news:ewtYAM0TCHA.1668@tkmsftngp13...
> > It is able to encrypt a file locally on the DC, but not to remotely encrypt
> > a file on the server by client PC users.
> >
> > Sorry that I am unable to know which process, as the machine hangs and
> > does not respond.
> >
> > When you repro the situation, can you encrypt a file on the server remotely
> > from the client PC?
> >
> > "Drew Cooper [MS]" <dcoop@online.microsoft.com> wrote in message
> > news:ecqNpWwTCHA.1496@tkmsftngp11...
> > > We could not reproduce your issue in our lab. I have no idea what's really
> > > happening on your machine or how to get another machine into a similar
> > > state.
> > >
> > > DCs are trusted for delegation. This means that they are enabled to be
> > > servers for remote EFS. Not that it's good policy to use your DCs for file
> > > servers, mind you. ;-)
> > >
> > > If you're logged on to the DC locally, can you encrypt any files?
> > > While the machine hangs, what process is the CPU hog?
> > >
> > > --
> > > Drew Cooper [MS]
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > >
> > >
> > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > news:#QkxxkWTCHA.3620@tkmsftngp08...
> > > > From my testing, I guess something conflicts between the local recovery
> > > > policy and the domain recovery policy.
> > > >
> > > > In addition, I guess the domain controller does not support encryption by
> > > > another machine.
> > > >
> > > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > > news:#u1xzJVTCHA.4136@tkmsftngp08...
> > > > > Will forward this to our testers for a repro. I believe there are more
> > > > > details you need to give. We do have Win2K server running EFS here. Can you
> > > > > think of anything that might help us to repro?
> > > > >
> > > > > --
> > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > >
> > > > > Robert Gu [MS Security Developer]
> > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > news:uIdntnwSCHA.1648@tkmsftngp08...
> > > > > > Here is the detail:
> > > > > >
> > > > > > A user wants to encrypt a file in a drive; the drive is mapped from a
> > > > > > shared folder on the server. When the user tries to encrypt the file, the
> > > > > > server hangs and the user's PC shows "processing".
> > > > > >
> > > > > > There is nothing being modified in the recovery agent. Therefore,
> > > > > >
> > > > > > Server - there is one local recovery agent in the local security policy and
> > > > > > one domain recovery agent defined in the domain security policy.
> > > > > > PC - there is one local recovery agent defined locally and one domain
> > > > > > recovery agent defined by the domain controller (this domain recovery
> > > > > > agent has the same certificate ID as the domain recovery agent in the
> > > > > > server).
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > > news:#xfCHjwSCHA.3720@tkmsftngp08...
> > > > > > > Robert,
> > > > > > >
> > > > > > > Nothing is encrypted on the server or client PC (I have implemented this
> > > > > > > scenario in the testing environment, which has a clean installation of
> > > > > > > server and professional).
> > > > > > >
> > > > > > > I just wonder, is it possible to encrypt on the server by a client PC?
> > > > > > >
> > > > > > > Mandy
> > > > > > >
> > > > > > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > > > > > news:eBiwo0sSCHA.2412@tkmsftngp13...
> > > > > > > > Encryption should not cause hang. Local recovery agent should not affect
> > > > > > > > the recovery policy. Is the %temp% on the server marked as encrypted? Can
> > > > > > > > you provide more detailed repro steps?
> > > > > > > >
> > > > > > > > --
> > > > > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > > > > >
> > > > > > > > Robert Gu [MS Security Developer]
> > > > > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > > > > news:#EAbVooSCHA.1880@tkmsftngp13...
> > > > > > > > > Hi everyone,
> > > > > > > > >
> > > > > > > > > Would you please give me some help? Here is the situation.
> > > > > > > > >
> > > > > > > > > Environment:
> > > > > > > > > - Windows 2000 Server promoted to a Domain Controller (Server), and
> > > > > > > > > domain computer (PC).
> > > > > > > > > - A shared folder is created on Server such that user can map the
> > > > > > > > > shared folder as a Drive
> > > > > > > > >
> > > > > > > > > Problem: A Domain User using the PC encrypts the shared file on
> > > > > > > > > Server, and the server hangs.
> > > > > > > > >
> > > > > > > > > Resolutions tried:
> > > > > > > > > - I have tried this scenario many many times in the testing
> > > > > > > > > environment, but the same problem occurs.
> > > > > > > > > - I have tried to use roaming profile.
> > > > > > > > > - Domain User accounts are not marked as "sensitive and cannot be
> > > > > > > > > delegated"; this follows the instruction from the MS White Paper.
> > > > > > > > >
> > > > > > > > > Question: I just wonder how to encrypt a file on a server/domain
> > > > > > > > > controller. Or is it possible?
> > > > > > > > >
> > > > > > > > > After a few tries on the testing environment, it works fine when I
> > > > > > > > > deleted the local recovery agent on the server. Will that be the cause
> > > > > > > > > of the problem?
> > > > > > > > >
> > > > > > > > > Man
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
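
The two delegation settings named in the thread (the server being "trusted for delegation" and user accounts not being marked "sensitive and cannot be delegated") are stored as bits of the Active Directory userAccountControl attribute. The following is an added example, not part of the original posts: it decodes those bits and reports which of the two settings is not in the state the thread describes. The function names and the sample values are assumptions constructed for illustration.

```python
# Added example (not from the thread). The flag values are the documented
# Active Directory userAccountControl bits; the sample values are constructed.
NORMAL_ACCOUNT = 0x00000200             # ordinary user account
WORKSTATION_TRUST_ACCOUNT = 0x00001000  # member server or workstation
SERVER_TRUST_ACCOUNT = 0x00002000       # domain controller
TRUSTED_FOR_DELEGATION = 0x00080000     # computer is trusted for delegation
NOT_DELEGATED = 0x00100000              # "sensitive and cannot be delegated"

FLAG_NAMES = {
    NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    WORKSTATION_TRUST_ACCOUNT: "WORKSTATION_TRUST_ACCOUNT",
    SERVER_TRUST_ACCOUNT: "SERVER_TRUST_ACCOUNT",
    TRUSTED_FOR_DELEGATION: "TRUSTED_FOR_DELEGATION",
    NOT_DELEGATED: "NOT_DELEGATED",
}


def decode_uac(uac):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if uac & bit]


def delegation_findings(server_uac, user_uac):
    """List which of the thread's two delegation settings are not satisfied.

    An empty list means the server account is trusted for delegation and the
    user account is not marked sensitive. It says nothing about other causes.
    """
    findings = []
    if not server_uac & (SERVER_TRUST_ACCOUNT | WORKSTATION_TRUST_ACCOUNT):
        findings.append("server value is not a computer account")
    elif not server_uac & TRUSTED_FOR_DELEGATION:
        findings.append("server is not trusted for delegation")
    if user_uac & NOT_DELEGATED:
        findings.append("user is marked sensitive and cannot be delegated")
    return findings


if __name__ == "__main__":
    # Constructed sample values, as they would be read from the directory.
    samples = [
        ("DC + ordinary user", 0x82000, 0x200),
        ("member server, no delegation", 0x1000, 0x200),
        ("DC + sensitive user", 0x82000, 0x100200),
    ]
    for label, server_uac, user_uac in samples:
        print(label, decode_uac(server_uac), decode_uac(user_uac),
              delegation_findings(server_uac, user_uac) or "ok")
```
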


