Re: bug with efs on server 2003
- From: "Brian Komar (MVP)" <brian.komar.nospam@xxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Mar 2008 13:17:30 -0500
sigh....
"Goldorak-Go" <GoldorakGo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1485A423-A2A9-4C5F-A50C-9ABB947BD752@xxxxxxxxxxxxxxxx
Hi Brian Komar!!!nope.
Thank you for your response, but I'm still thinking that something is going
wrong.
EFS uses the public key to encrypt the FEK and the FEK encrypts the EFS file.
EFS automatically obtains the user’s public key from the user’s X.509
version 3 file encryption certificate.
EFS never needs the private key to encrypt data.
The private key is only needed to decrypt the FEK and then the EFS file.
So far, so true.
Nope, it also checks that you have the private key to be able to decrypt the file.
So if I export and delete the private key that is stored locally, and if I
leave the corresponding certificate in place on this server then I must be able
to encrypt using the public key of this certificate.
And this is what is going wrong in my case.
You cannot open the file without the private key.
Because the existing certificate is not used. In fact another certificate
and its private key are generated when I put a new file in the encrypted
folder.
Yep, expected behavior.
Most of all, I tried the same procedure on an XP workstation and everything
is going well like I expected and I tried this several times.
But with my Windows Server 2003 this is not the same.
You are going down a non-supported path. Do not delete the private key.
Does anybody have an idea?