Re: EFS encrypted files are not accessed through network on Win2K server
- From: Brian Komar <bkomarr@xxxxxxxxxxxxxxxxx>
- Date: Wed, 16 May 2007 07:20:06 -0500
On 15 May 2007 12:24:40 -0700, mifisauk@xxxxxxxx wrote:
Hi, there!
I have Win2K Adv server with shared folder. There's subfolder at the
lower level encrypted by EFS. I need to access it from client (under
the same account). I don't use CA.
My steps:
1. Export certificate and private key from server (MMC->Certificate-
Current User->Personal->Certificates-> [account name] -> Export) toshared drive somewhere.
2. Import certificate and private key to client computer (MMC-
Certificate->Current User->Personal->Certificates->Import). It storesnow at the same place as on server.
Now I try to access encrypted files - 'access denied'
What do I do wrong????
Please advice.
You need to understand how EFS works. When you encrypt files on a server,
the encryption/decryption is a local process *on the server*.
The server must be trusted for delegation and it *impersonates* the user
for these actions. The unspoken part, is that the file is transferred
to/from the client in the clear (no encryption).
When you did step 1, you possibly deleted the private key on export. You
will need to add it back. Also, you need to make sure that you are using
the correct private key (efsinfo /u /r /c will show the correct certificate
thumbprints that you need).
Step 2 was not required, as the certificate is never used on the client
Brian
.
- Follow-Ups:
- References:
- Prev by Date: Re: Group permissions
- Next by Date: Re: Group permissions
- Previous by thread: EFS encrypted files are not accessed through network on Win2K server
- Next by thread: Re: EFS encrypted files are not accessed through network on Win2K server
- Index(es):
Relevant Pages
|
|
