Re: Encrypting Remote Files with EFS



Sam Jost
07-09-2005, 11:50 PM
Hi Zack,

Ah well, I played around with EFS a bit and got some small input for
you:

if you encrypt a file on your local client hdd windows will create a
local zertificate (A) you need to access this file.

if the same domain user encrypts a file on some other local comps hdd
it will create a new local zertifacte (B) there, too, to encrypt the
file.

if you encrypt a file on a domain server hdd, the server will create a
domain zertifacte (C) to encrypt the file.

if you now attach the hdd of the first local to the second comp, you
will not be able to decrypt the file (unless you export the (A) first
and import it to the second comp) since the local zertificate (B) will
be used.

but if you try to access the file on the server hdd windows will use
the server based zertificate (C) and can decrypt it just fine.


I dont like this behaviour as well. I in my case do not want the server
to store data and zertificates in one place, I'd rather like the zert
to reside on the client only, so when someone steals my server they got
no chance of accessing the data on the hdd. Well, but thats just me...

cu,
Sam


Re: Encrypting Remote Files with EFS