Re: EFS Questions
From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 08/08/03
- Next message: Tim: "Re: Latest security patches"
- Previous message: Harald Bilke: "Re: dump local users (remotely)"
- In reply to: Howard: "Re: EFS Questions"
Date: Fri, 8 Aug 2003 05:54:01 -0700
I know it sounds confusing, but when the files exist on a remote machine,
the encryption/decryption is always performed on the remote machine, even if
you have a mapped drive. Hence the requirement that the remote machine be
trusted for delegation and that you have a RUP that contains the DRA key and
cert.
Refer back to this whitepaper:
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/recovery/default.asp
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com

"Howard" <Howard@Audio*guy.net> wrote in message
news:vp25jvoknfflabhbosbltdm0enlakbikpl@4ax.com...
> David, thank you for your response to all my questions. However, I'm
> still confused about question #1.
>
> Let's say I'm the designated DRA for a Win2K Domain. My file recovery
> certificate and keys are on my local machine. If a user encrypts a
> file on their own local computer - or on a shared drive on a file
> server, could I decrypt by just mapping a drive from my local machine
> (where my cert is installed) to either the file server or the user's
> local machine (where the encrypted files are located) and decrypt? Or
> do I HAVE TO back-up their encrypted files and restore it to my own
> local machine in order to decrypt? Can I just copy or move the files
> to my own local computer instead of using back-up and restore (yes, I
> have NTFS on my local machine as well)?
>
> I believe your response of using roaming profiles applies only if I
> (as the DRA) use other computers to decrypt files. My question is
> that I'll use my own local machine, I just want to map a drive to
> other machines - and not sure if this would work.
>
> Thanks for your help,
>
> Howard
>
> On Thu, 7 Aug 2003 05:15:31 -0700, "David Cross [MS]"
> <dcross@online.microsoft.com> wrote:
>
> >1. that would require that the remote computer be trusted for delegation
> >and that the DRA have a roaming user profile. EFS:
> > My original question:
> > 1. If someone encrypts files on their local computer (in a domain
> > based environment) and later needs to be decrypted by the FRA,
> > Microsoft recommends backing up the encrypted file/directory, and then
> > restoring it to my own computer (since my private key as the FRA is on
> > my local machine). Then I'm able to decrypt the files. Can I just
> > map a drive to the other person's computer and decrypt? Do I have to
> > backup and restore? Why not just copy or move - or better still, map
> > a drive and decrypt remotely?
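
The reply above names two prerequisites for decrypting over a mapped drive: the remote machine is trusted for delegation, and the DRA has a roaming user profile carrying the DRA key and cert. The following PowerShell check of those prerequisites is an added example, not part of the original thread. It assumes the ActiveDirectory module (RSAT), which postdates this 2003 posting; `FILESERVER01` and `dra-admin` are placeholder names.

```powershell
# Added example: verify the prerequisites for remote EFS recovery described in the thread.
# Run it while logged on as the DRA. All names below are placeholders.
param(
    [string]$FileServer = 'FILESERVER01',  # placeholder: machine that holds the encrypted files
    [string]$DraAccount = 'dra-admin'      # placeholder: the recovery agent's domain account
)

Import-Module ActiveDirectory

# 1. EFS work happens on the remote machine, so its computer account
#    must be trusted for delegation.
$computer = Get-ADComputer -Identity $FileServer -Properties TrustedForDelegation

# 2. The DRA needs a roaming user profile so the key and cert follow
#    the account to the remote machine.
$user = Get-ADUser -Identity $DraAccount -Properties ProfilePath

# 3. The profile must actually contain a File Recovery certificate with
#    its private key. 1.3.6.1.4.1.311.10.3.4.1 is the EFS File Recovery EKU.
$recoveryOid = '1.3.6.1.4.1.311.10.3.4.1'
$draCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $recoveryOid)
}

$result = [pscustomobject]@{
    FileServer           = $FileServer
    TrustedForDelegation = [bool]$computer.TrustedForDelegation
    DraAccount           = $DraAccount
    RoamingProfilePath   = $user.ProfilePath
    HasRoamingProfile    = -not [string]::IsNullOrEmpty($user.ProfilePath)
    RecoveryCertsWithKey = @($draCerts).Count
}
$result | Format-List

# Report each missing prerequisite separately so the gap is obvious.
if (-not $result.TrustedForDelegation) {
    Write-Warning "$FileServer is not trusted for delegation; remote decryption will fail."
}
if (-not $result.HasRoamingProfile) {
    Write-Warning "$DraAccount has no roaming profile; the DRA key will not be available remotely."
}
if ($result.RecoveryCertsWithKey -eq 0) {
    Write-Warning "No File Recovery certificate with a private key in the current user's store."
}
```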