Using EFS with Network Shares and SFU 3.5

---

• From: "dln" <dnadon_nospm@xxxxxxxxxxx>
• Date: Tue, 21 Nov 2006 14:51:30 -0600

---

Hello all,

Our site is running in an environment that is required to support both
Windows and *nix clients. To help support our clients, we have a central
Windows 2K3 SP1 file server that also has the NFS server component from
Services For Unix 3.5 installed and running on it. The idea is that our
users can access their home directory, regardless of the OS they are using.
This setup hasn't presented any problems, but today I was doing some testing
with EFS on the file server and I found some inconsistencies when I access
an encrypted file over a network share via Windows Explorer versus accessing
the same file from a Linux client that has my home directory mounted from
the Windows file server via NFS.

On my Windows XP client, I can access my home directory on the file server
and encrypt a file. This file is then inaccessible to other network users
via Windows Explorer as I would expect. However, if I log into a Linux
client that has my home directory mounted via NFS, "su" to another user
(same user that couldn't access the file via Windows Explorer - _not_ the
root user), this user can then open that same encrypted file (using vi) that
was previously inaccessible when going through Windows Explorer. If this
file was actually encrypted, I would have expected to see a bunch of
gooblygook.

I have read that EFS encrypted files are transmitted over the network in the
clear and maybe this is a result of that behavior, but I would have expected
that file server check the requesting user's credentials before allowing
access to the file? Along those lines, it may be a result of the file
server being delegated, a topic that I must admit I don't understand that
well. In any event, I'm hoping someone can tell me whether or not I have a
(mis)configuration problem or if this is expected behavior?

Thanks.


.

---

• Follow-Ups:
  • Re: Using EFS with Network Shares and SFU 3.5
    • From: Roger Abell [MVP]

• Prev by Date: Re: Utility to monitor who accesses a particular directory?
• Next by Date: Re: HOW CAN i GET THE ADMINISTRATOR PASSWORD?
• Previous by thread: Utility to monitor who accesses a particular directory?
• Next by thread: Re: Using EFS with Network Shares and SFU 3.5
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Using EFS with Network Shares and SFU 3.5 ... Windows and *nix clients. ... Windows 2K3 SP1 file server that also has the NFS server component from ... when I access an encrypted file over a network share via Windows Explorer ... On my Windows XP client, I can access my home directory on the file ... (microsoft.public.windows.server.security) Access Denied and NO OWNER SHOWN on Networked Drive ... Because my new system is the beefiest one with the most hard drive space, I use it as a file server only so much in that it stores applications, patches, game mods, updates, and so forth. ... I activated the "Owner" column in Windows Explorer on both my system and the client. ... (microsoft.public.windowsxp.help_and_support) Re: Using EFS with Network Shares and SFU 3.5 ... Windows and *nix clients. ... Windows 2K3 SP1 file server that also has the NFS server component from ... when I access an encrypted file over a network share via Windows Explorer ... On my Windows XP client, I can access my home directory on the file server ... (microsoft.public.windows.server.security) IPSec transport mode issues between client and file server ... I have a Windows XP pro client and a Windows 2003 file server in the same ... which indicates a successful IKE exchange. ... (microsoft.public.windows.server.security) RE: Printing from Win9x clients stops ... Open Server Management. ... then right-click the name of the computer running Windows Small Business ... >From the client computer: ... The Select Network Component Type ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)