Re: EFS network folders
From: David Cross [MS] (dcross@online.microsoft.com)
Date: 12/15/02
- Next message: Ray at home: "Re: Changed Domain to Workgroup now can't login"
- Previous message: David Cross [MS]: "Re: set cert request status to pending?"
- In reply to: Rix: "Re: EFS network folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Cross [MS]" <dcross@online.microsoft.com> Date: Sun, 15 Dec 2002 08:39:34 -0800
No, this is not correct. The user must have the key to the file, it has
nothing to do with groups.
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. http://support.microsoft.com "Rix" <r.noli@tin.it> wrote in message news:AHnK9.14462$ab2.416702@news1.tin.it... > Well, > EFS was introduced to prevent abuse from unauthorized access to stolen hard > disks from laptops or desktops. That was beacuse NTFS itself could prevent > unwanted acces to user data setting security attributes to folders and > files, but that wouldn't work if a HD was stolen and installed in a new > NT/2000 installation. > Right? > So I thought that enabling EFS on a folder would encrypt contents making > data accessible only by the user that applied the encryption to a particular > folder or file. > But it looks like that any user member of the same group of the user that > stores encrypted data on a network (or local) folder can still "read" > contents even if encrypted! > Say that EFS works only if the disk is unmounted and attached to a new (or > different) installation. > Right? > > > > "D. Cross [MS]" <dcross@online.microsoft.com> wrote in message > news:e9ZiY6roCHA.1964@TK2MSFTNGP10... > > EFS does not work that way. Your steps are confusing, can you restate the > > repro steps for the problem? > > > > -- > > > > David B. Cross [MS] > > > > -- > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > > "Rix" <r.noli@tin.it> wrote in message > > news:XZ3K9.10731$ab2.297354@news1.tin.it... > > > A WinXP + SP1 workstation is connected to a Windows 2000 Server + SP3. > > > > > > User Goofy (member of Administrators on wks and server), switches a > > network > > > folder on server, from the workstation, to encrypted status. > > > The content of the files in the encrypted folder is readable by any user > > > member of the Administrators group on the server. > > > Example: mydoc.txt opened on the server by any admin with Notepad, shows > > > itself unscrambled, unencrypted.... > > > Why is that? > > > > > > What I want to achieve is: > > > user Goofy places it's files on the server in a way that for any other > > user > > > except him are encrypted! > > > > > > I've followed what explained in Technet's article > > > > > > (http://www.eu.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodt > > > echnol/winxppro/proddocs/encrypt_to_encrypt_remotefile.asp) "To encrypt > a > > > file or folder on a remote computer". > > > > > > 1) I have enabled "trust for delegation" on the server > > > 2) From the workstation i have selected the network folder and in the > > > advanced properties selected "encrypt contents to secure data". > > > 3) When the operation completed the folders on the server appeared in > > green > > > color (files also). > > > 4) When logging from the server with the administrator account, files > are > > > readable! > > > > > > Any hint? > > > > > > > > > > > >
- Next message: Ray at home: "Re: Changed Domain to Workgroup now can't login"
- Previous message: David Cross [MS]: "Re: set cert request status to pending?"
- In reply to: Rix: "Re: EFS network folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
