Re: Certificate not shown with efsinfo /y

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 04/08/04


Date: Thu, 8 Apr 2004 05:20:37 -0700

Is the remote machine joined to AD and the machine account trusted for
delegation? Did you import the cert and private key under the same domain
user account on the second machine?

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Bert Roos" <reply@to.group> wrote in message
news:u%23RSUrTHEHA.2164@TK2MSFTNGP12.phx.gbl...
> Thanks Drew, that indeed makes efsinfo /y show the certificate. But to be
> honest, that was not my real problem. I was hoping that I could access
> encrypted files on a remote computer once the certificate was shown by
> efsinfo.
> So the real problem is that I have encrypted files on computer A. I've
> exported the certificate on A and imported it on computer B. Now I expected
> to be able to remotely read the encrypted files on computer A. To accomplish
> that, I use a single domain account and both computers are part of that same
> ADS domain.
>
> When I type efsinfo /y /c on computer B, I see that the thumb print of the
> users who can access the encrypted remote files, is identical to the current
> user EFS certificate, but when I try to read such a file, I get 'access
> denied'.
>
> Hope you know the fix for this one too!
>
> Regards, Bert
>
>
> "Drew Cooper [MSFT]" <dcoop@online.microsoft.com> wrote in message
> news:%23hm$yKPHEHA.640@TK2MSFTNGP10.phx.gbl...
> > "efsinfo /y" shows the user's current EFS cert hash.  It's considered
> > "current" once it's been used to encrypt something on the machine.  I don't
> > recall whether enrollment also sets the reg value that makes this "current".
> > Autoenrollment updating the cert should update the "current" cert, though.
> >
> > Oh - and the pfx wizard doesn't set the reg value.
> >
> > Quick and dirty way to make sure "efsinfo /y" shows the thumbnail even after
> > an import w/ the pfx wizard: create a small temporary file, encrypt it
> > (which sets the reg value), then delete the file.
> > -- 
> > Drew Cooper [MSFT]
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> > "Bert Roos" <reply@to.group> wrote in message
> > news:uiduagKHEHA.3832@TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > >
> > > I've an EFS certificate that shows up in the certificates MMC snapin that's
> > > not shown with efsinfo /y.
> > > This certificate was first requested from the CA on computer A, by user U.
> > > User U exported this certificate (with the private key) and imported it on
> > > computer B (both computers A and B as well as user U are part of the same
> > > ADS domain). When typing efsinfo /y on computer A, the certificate is shown,
> > > but not on computer B.
> > >
> > > Any help on how to resolve this, would be greatly appreciated.
> > >
> > > Thanks, Bert Roos
> > >
> > > (please reply to group).
> > >
> > >
> >
> >
>
>
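
The "current" certificate check and the temp-file workaround described in the quoted reply above, as an added PowerShell example that is not part of the original thread. The registry location and the EFS EKU OID are not named in the thread and are assumptions here; the temp-file name is made up for illustration.

```powershell
# Added example. Assumption: EFS stores the "current" cert hash in this per-user value.
$EfsKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU

function Get-CurrentEfsHash {
    # Returns the hash as an uppercase hex string, or nothing if no value is set.
    $p = Get-ItemProperty -Path $EfsKey -Name CertificateHash -ErrorAction SilentlyContinue
    if ($p) { ($p.CertificateHash | ForEach-Object { $_.ToString('X2') }) -join '' }
}

function Get-EfsCertificate {
    # EFS-capable certs in the user's store that also have the private key.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
    }
}

function Set-CurrentEfsHashByEncrypting {
    # The workaround from the thread: encrypt a small temp file, then delete it.
    $tmp = Join-Path $env:TEMP ('efs-probe-{0}.tmp' -f [guid]::NewGuid())   # hypothetical name
    Set-Content -Path $tmp -Value 'probe'
    try { (Get-Item $tmp).Encrypt() } finally { Remove-Item $tmp -Force }
}

$certs = @(Get-EfsCertificate)
if ($certs.Count -eq 0) {
    Write-Warning 'No EFS certificate with a private key in Cert:\CurrentUser\My; import the PFX first.'
    return
}
if (-not (Get-CurrentEfsHash)) { Set-CurrentEfsHashByEncrypting }

$current = Get-CurrentEfsHash
$match = $certs | Where-Object { $_.Thumbprint -eq $current }
if ($match) {
    "Current EFS cert: $current ($($match.Subject))"
} else {
    # EFS may have picked or created a different cert than the imported one.
    Write-Warning "Current EFS hash $current does not match an EFS cert with a private key in the store."
}
```

Run it as the domain user on the machine where the PFX was imported; the temp directory must be on an NTFS volume for the encrypt step to succeed.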

