Re: EFS not secure on LAN
From: Rob Rohrbough (Rob_RSD_at_yahoo.com)
Date: 07/31/03
- Next message: Lasher: "Re: External logon attempt IP addresses"
- Previous message: Herb Martin: "Re: EFS not secure on LAN -- if accurate it is a BUG"
- In reply to: Steven L Umbach: "Re: EFS not secure on LAN"
- Next in thread: Steven Umbach: "Re: EFS not secure on LAN"
- Reply: Steven Umbach: "Re: EFS not secure on LAN"
- Reply: David Cross [MS]: "Re: EFS not secure on LAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jul 2003 19:55:03 -0700
Steven,
Thanks for your reply. They can see the actual data. I
did play around with the NTFS file permissions and was
able to restrict access to directories by share. It
appears that, if you can gain access to a share up the
hierarchy, sub-folders will appear as well. That appears
to be different than my experience with different users on
the same machine.
Anyway, after rebooting, the lack of a certificate kept
everyone, including the owner, from seeing the data in the
files. Apparently there is some kind of cache working
that needs to be cleared. It would be nice if there is a
less-severe way of clearing the cache. You have any ideas?
Thanks again,
Rob
>-----Original Message-----
> They can see the files or they can see the actual
data? Check ntfs
>advanced permissions also to see if any users or groups
exist there. Make
>sure that just the user you want is included in the ntfs
permissions and
>system if it is there, no one else - no everyone, users,
power users,
>guest, etc. Double check that the permissions assigned to
the folder have
>actually propagated down to the individual files. Check
the properties of
>the files to make sure they are in fact encrypted and use
the cipher utility
>in that folder to see if it reports the same. If network
users have proper
>ntfs/share permissions, they may be able to "see" the
encrypted files but
>not the file contents if they are in fact encrypted they
would get an access
>denied message when trying to access a file. You may
also want to
>reconsider sharing a whole drive, though that is not the
problem with your
>EFS.--- Steve
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;298009
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;223316
>
>"Rob Rohrbough" <Rob_RSD@yahoo.com> wrote in message
>news:03af01c356e5$665657e0$a501280a@phx.gbl...
>> I have Win2k pro on a workgroup LAN. I have marked a
>> directory as secure and removed all permissions but the
>> owner's. When I log into the computer with another user
>> name, the folder is not accessible to that user.
>>
>> However, that directory is on a drive that is shared
with
>> other computers on my peer-to-peer LAN. Users on any
>> WinNT-based machine can see the encrypted data; users on
>> Win0x-based machines are restricted fromt the directory.
>>
>> I have removed the certificate from the system.
>>
>> What am I doing wrong?
>>
>> TIA,
>>
>> Rob
>
>
>.
>
- Next message: Lasher: "Re: External logon attempt IP addresses"
- Previous message: Herb Martin: "Re: EFS not secure on LAN -- if accurate it is a BUG"
- In reply to: Steven L Umbach: "Re: EFS not secure on LAN"
- Next in thread: Steven Umbach: "Re: EFS not secure on LAN"
- Reply: Steven Umbach: "Re: EFS not secure on LAN"
- Reply: David Cross [MS]: "Re: EFS not secure on LAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
