Re: David Cross' article

From: Alain Remont (aremont@ozemail.com.au)
Date: 06/12/02


From: "Alain Remont" <aremont@ozemail.com.au>
Date: Wed, 12 Jun 2002 16:44:38 +1000


But I cannot get it to work... Here goes.

I am on an XP Pro machine, logged on as an administrator account, say A1.

I use cipher "/r:keyfile" which produces "keyfile.cer" and "keyfile.pfx" (I
don't understand the difference between these two files, they seem to
contain the same certificate--same thumbprint). Then I go into MMC and into
the Local Computer Policy/Windows Settings/Public Key Policies/Encrypting
File System/Add Data Recovery Agent, which finds no suitable user, so asks
me for a file. I offer keyfile.cer which imports successfully.

Now I create a non-administrator user, say U1. Switch to U1 and create a
small text file which U1 then encrypts by using the Explorer properties,
advanced, checkbox etc. Drag the now encrypted file to the shared folder.

Go back as A1. Sure enough there is now an encrypted file in the shared
folder, but I cannot read it. Go into MMC and import (either keyfile.cer or
keyfile.pfx, same thing happens) in the Certificates (current
user)/Personal/Certificates.

Then I try Explorer and untick the encrypted checkbox. No cigar: Access
Denied!

When I go back as U1 to probe the file, I find that U1 has unlimited access
and that A1 is the Data Recovery Agent with the correct thumbprint for the
certificate. What is amiss???

I have read and re-read David's article to no avail. I must be missing or
misunderstanding something, but what?

Thanks anyone (Roger?) for any help you might offer.

A

"Alain Remont" <aremont@ozemail.com.au> wrote in message
news:#TDz5KaECHA.2104@tkmsftngp02...
> Got it, thanks!!!
>
> A
>
> "Roger Abell" <mvpNOSPAM@asu.edu> wrote in message
> news:u3sCUaQECHA.2596@tkmsftngp05...
> > You Start / Run <= mmc
> > and add the Certificates snapin.
> > Then, navigate to your Personal / Certificates
> > Locate the cert for EFS, highlight it, and in its
> > (right click) context menu choose to Export.
> >
> > --
> > Roger Abell
>
>
>


