Re: EFS not secure on LAN
From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 07/31/03
- Next message: Nikitas: "Re: 2 power users same computer"
- Previous message: David Cross [MS]: "Re: CDROM security"
- In reply to: Rob Rohrbough: "Re: EFS not secure on LAN"
- Next in thread: Herb Martin: "Re: EFS not secure on LAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 05:24:11 -0700
IN windows 2000, the EFS cache can only be cleared with a reboot. In
Windows XP and above, the cache can be cleared with a user logoff.
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. http://support.microsoft.com "Rob Rohrbough" <Rob_RSD@yahoo.com> wrote in message news:0bce01c3570f$23a8b210$7d02280a@phx.gbl... > Steven, > > Thanks for your reply. They can see the actual data. I > did play around with the NTFS file permissions and was > able to restrict access to directories by share. It > appears that, if you can gain access to a share up the > hierarchy, sub-folders will appear as well. That appears > to be different than my experience with different users on > the same machine. > > Anyway, after rebooting, the lack of a certificate kept > everyone, including the owner, from seeing the data in the > files. Apparently there is some kind of cache working > that needs to be cleared. It would be nice if there is a > less-severe way of clearing the cache. You have any ideas? > > Thanks again, > > Rob > > > >-----Original Message----- > > They can see the files or they can see the actual > data? Check ntfs > >advanced permissions also to see if any users or groups > exist there. Make > >sure that just the user you want is included in the ntfs > permissions and > >system if it is there, no one else - no everyone, users, > power users, > >guest, etc. Double check that the permissions assigned to > the folder have > >actually propagated down to the individual files. Check > the properties of > >the files to make sure they are in fact encrypted and use > the cipher utility > >in that folder to see if it reports the same. If network > users have proper > >ntfs/share permissions, they may be able to "see" the > encrypted files but > >not the file contents if they are in fact encrypted they > would get an access > >denied message when trying to access a file. You may > also want to > >reconsider sharing a whole drive, though that is not the > problem with your > >EFS.--- Steve > > > >http://support.microsoft.com/default.aspx?scid=kb;en- > us;298009 > >http://support.microsoft.com/default.aspx?scid=kb;EN- > US;223316 > > > >"Rob Rohrbough" <Rob_RSD@yahoo.com> wrote in message > >news:03af01c356e5$665657e0$a501280a@phx.gbl... > >> I have Win2k pro on a workgroup LAN. I have marked a > >> directory as secure and removed all permissions but the > >> owner's. When I log into the computer with another user > >> name, the folder is not accessible to that user. > >> > >> However, that directory is on a drive that is shared > with > >> other computers on my peer-to-peer LAN. Users on any > >> WinNT-based machine can see the encrypted data; users on > >> Win0x-based machines are restricted fromt the directory. > >> > >> I have removed the certificate from the system. > >> > >> What am I doing wrong? > >> > >> TIA, > >> > >> Rob > > > > > >. > >
- Next message: Nikitas: "Re: 2 power users same computer"
- Previous message: David Cross [MS]: "Re: CDROM security"
- In reply to: Rob Rohrbough: "Re: EFS not secure on LAN"
- Next in thread: Herb Martin: "Re: EFS not secure on LAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
