Re: EFS Certificate Issue
From: Eric Skibicki (plus_at_nerdinc.com)
Date: 03/04/04
Date: Thu, 4 Mar 2004 09:36:29 -0600
So my question has to be, what is the point of having the keys published to
Active Directory then?

Interesting scenario I tried last night... I encrypted a file on a remote
computer using the AD public key, I then tried opening the file on the
machine I know the AD key was generated on... The user still couldn't read the
file...

Eric

"Drew Cooper [MSFT]" <dcoop@online.microsoft.com> wrote in message
news:OsoPDBZAEHA.132@TK2MSFTNGP10.phx.gbl...
> Keys are stored in a user's profile. If the profile doesn't roam, neither
> will the keys. And if there's no key available, EFS will request (or
> generate) another keypair when encrypting a file.
> --
> Drew Cooper [MSFT]
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Eric Skibicki" <plus@nerdinc.com> wrote in message
> news:uTlo%23fWAEHA.3712@tk2msftngp13.phx.gbl...
> > Hello All,
> >
> > I have a couple win2k3 servers up, both are domain controllers in the
> > same forest (sc), and one of them (debbie) is running a certificate
> > authority (enterprise root). When I encrypt a file on a workstation, the
> > CA generates an EFS key, and uses that key on the local workstation.
> >
> > The problem comes in when I try to encrypt a file on the other domain
> > controller via a mapped drive from the workstation. The user all of a
> > sudden generates a new key with himself as the issuer, and encrypts the
> > file that way.
> >
> > Wanting to test something, I wrote a program that uses
> > AddUsersToEncryptedFile and EncryptFile to encrypt a file and add my test
> > user's AD/CA EFS key to that file. This was all done on the domain
> > controller that is hosting the share. When my test user attempts to open
> > that file (mind you it does have his CA EFS key attached (I can view the
> > properties, it is correct)) it gives an access denied....
> >
> > Any ideas what is causing this behaviour?
> >
> > Eric
> >
> >
>
>
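
The point in the quoted reply (the private key lives in the user's profile, so a certificate listed on the file is not enough to decrypt it) can be checked per file. The PowerShell script below is an added example, not code from this thread: it compares the thumbprints that `cipher /c` reports for a file with the certificates in the current user's store. The `-Path` parameter and the function name are hypothetical, and the script assumes English-language `cipher` output and that it is run as the affected user on the machine where decryption is attempted.

```powershell
# Added example (not from the thread). Reports, for each certificate recorded on
# an EFS-encrypted file, whether the current profile holds its private key.
param(
    [Parameter(Mandatory)] [string] $Path   # hypothetical parameter: the encrypted file
)

function Get-EfsFileThumbprint {
    param([string[]] $CipherOutput)
    # Assumption: English cipher.exe output, which prints lines such as
    # "Certificate thumbprint: 1A2B 3C4D ..." for users and recovery agents.
    foreach ($line in $CipherOutput) {
        if ($line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)') {
            ($Matches[1] -replace '\s', '').ToUpperInvariant()
        }
    }
}

# Thumbprints attached to the file (user entries and recovery certificates).
$onFile = @(Get-EfsFileThumbprint -CipherOutput (cipher.exe /c $Path)) |
    Select-Object -Unique

# Certificates in this profile's personal store, indexed by thumbprint.
$local = @{}
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { $local[$_.Thumbprint] = $_ }

foreach ($tp in $onFile) {
    $cert   = $local[$tp]
    $issuer = $null
    if ($cert) { $issuer = $cert.Issuer }   # a self-signed cert shows the user as issuer

    if (-not $cert) {
        $state = 'certificate not in this profile'
    } elseif (-not $cert.HasPrivateKey) {
        $state = 'certificate present, no private key'
    } else {
        $state = 'private key available'
    }

    [pscustomobject]@{ Thumbprint = $tp; Issuer = $issuer; State = $state }
}
```

A file whose only user entry shows anything other than `private key available` cannot be opened from that profile, whatever the file's properties dialog lists.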