EFS-encrypted files are not accessible over the network on a Win2K server

mifisauk

Hi, there!
I have a Win2K Adv server with a shared folder. There's a subfolder at a
lower level encrypted with EFS. I need to access it from a client (under
the same account). I don't use a CA.

My steps:
1. Export the certificate and private key from the server (MMC->Certificates-
Current User->Personal->Certificates-> [account name] -> Export) to a
shared drive somewhere.
2. Import the certificate and private key on the client computer (MMC-
Certificates->Current User->Personal->Certificates->Import). It is now
stored in the same place as on the server.

Now I try to access the encrypted files - 'access denied'.

What am I doing wrong?

Please advise.
 
Brian Komar

You need to understand how EFS works. When you encrypt files on a server,
the encryption/decryption is a local process *on the server*.
The server must be trusted for delegation and it *impersonates* the user
for these actions. The unspoken part is that the file is transferred
to/from the client in the clear (no encryption).

When you did step 1, you possibly deleted the private key on export. You
will need to add it back. Also, you need to make sure that you are using
the correct private key (efsinfo /u /r /c will show the correct certificate
thumbprints that you need).
Step 2 was not required, as the certificate is never used on the client.

Brian
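The three conditions Brian's reply names (server trusted for delegation, a usable EFS certificate with its private key in the user's profile, and the file's DDF listing that certificate's thumbprint) can be checked from PowerShell. The script below is an added example for this thread, not code from either poster; the server name, UNC path and the use of modern cipher.exe in place of the Win2K Resource Kit efsinfo are assumptions. Because EFS decrypts on the server under impersonation, run the certificate check in a logon session on the server as the user whose access is failing, not on the client.

```powershell
# Added example, not from the original thread. Checks the conditions named in
# Brian's reply. 'FILESRV' and the UNC path are placeholders (assumptions).
param(
    [string]$Server = 'FILESRV',                           # assumption
    [string]$Path   = '\\FILESRV\Share\Secret\report.doc'  # assumption
)

$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage: Encrypting File System

# 1. userAccountControl bit 0x80000 (TRUSTED_FOR_DELEGATION) on the server's computer account.
function Test-TrustedForDelegation {
    param([Parameter(Mandatory)][string]$ComputerName)
    $filter = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
    $result = ([ADSISearcher]$filter).FindOne()
    if (-not $result) { throw "Computer account '$ComputerName' not found in AD" }
    $uac = [int]$result.Properties['useraccountcontrol'][0]
    return [bool]($uac -band 0x80000)
}

# 2. EFS certificates in the current user's store and whether the private key is present.
#    Run this on the server as the affected user: that profile is where EFS looks for the key.
function Get-EfsCertificate {
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsEkuOid })
    } | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
}

# 3. Encrypted attribute on the file plus the users/thumbprints cipher.exe reports.
#    'cipher /c' is the modern counterpart of 'efsinfo /u /c' from the Win2K Resource Kit;
#    as with efsinfo in the thread, it may show less detail when run against a UNC path.
function Get-EfsFileInfo {
    param([Parameter(Mandatory)][string]$FilePath)
    $item = Get-Item -LiteralPath $FilePath
    [pscustomobject]@{
        Path      = $FilePath
        Encrypted = [bool]($item.Attributes -band [System.IO.FileAttributes]::Encrypted)
        Cipher    = (& cipher.exe /c $FilePath 2>&1) -join "`n"
    }
}

# Run all three and flag the mismatches that show up as 'access denied'.
$delegation = Test-TrustedForDelegation -ComputerName $Server
$certs      = @(Get-EfsCertificate)
$file       = Get-EfsFileInfo -FilePath $Path

"Server $Server trusted for delegation : $delegation"
"EFS certs in CurrentUser\My          : $($certs.Count)"
$certs | Format-Table -AutoSize
"File $Path encrypted                 : $($file.Encrypted)"
$file.Cipher

if (-not $delegation) {
    Write-Warning "Server is not trusted for delegation; EFS cannot impersonate you on the server."
}
if (-not ($certs | Where-Object HasPrivateKey)) {
    Write-Warning "No EFS certificate with a private key in this profile; re-import the PFX with its key."
}
# cipher prints thumbprints with spaces between byte pairs; strip whitespace before comparing.
$listed = $certs | Where-Object { ($file.Cipher -replace '\s', '') -match $_.Thumbprint }
if ($file.Encrypted -and -not $listed) {
    Write-Warning "None of this profile's EFS thumbprints appear in the file's decryption field."
}
```

The delegation check resolves the computer account directly through ADSI so it works without the ActiveDirectory module; the thumbprint comparison is what ties the thread's efsinfo output to the certificate store entry, since a certificate with the right subject but a different thumbprint (or no private key) is exactly the mismatch Brian describes.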
 
mifisauk

Hi Brian,
thanks for the fast reply!

> You need to understand how EFS works.

I still cannot find any documentation about that... Some MS resources
are like scattered pieces..

> When you encrypt files on a server,
> the encryption/decryption is a local process *on the server*.
> The server must be trusted for delegation and it *impersonates* the user

Sorry, I forgot to mention, it is definitely trusted for delegation. I
double-checked...

> When you did step 1, you possibly deleted the private key on export. You
> will need to add it back. Also, you need to make sure that you are using
> the correct private key (efsinfo /u /r /c will show the correct certificate
> thumbprints that you need).

Using efsinfo on the server I can see 'users who can decrypt' and the
'certificate thumbprint' I need. However, if I run efsinfo remotely
from the client on the shared folder, I can see only 'users who can
decrypt' (no 'certificate thumbprint').
Although it's the same user 'domain\username', I cannot read the file from
the client (access denied). Reading the same file on the server is no
problem.

Again, what we have:
1. Server is trusted for delegation.
2. Server has a share with an encrypted subfolder containing a file. User
'domain\username' can read the file locally with no problem.
3. Client computer is connected to that share. The same user 'domain
\username' cannot read the same file (access denied).

Same question:
What am I doing wrong?

Brian, I could really use your help here.

> Step 2 was not required, as the certificate is never used on the client

Looks like you are right... What's the point of importing it, though?
Only if we copy encrypted stuff to this computer from somewhere?..
 
Roger Abell [MVP]

One fairly dumb question, but it will rule out one possibility
which no statement has covered - what are the share-level
permissions in effect for the remote access?
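Roger's question matters because the share ACL is evaluated before the NTFS ACL and before EFS ever impersonates the user, so a share permission that omits the account yields the same 'access denied' the thread is chasing. The script below is an added example for this thread, not code from any poster; the server, share, file and user names are placeholders, and it assumes SMB cmdlets on the target (Server 2012 or later; on a Win2K box the equivalents are `net share <name>` and `cacls <file>`).

```powershell
# Added example, not from the original thread. Pulls the share ACL and the NTFS
# ACL for one account side by side. All names below are placeholders (assumptions).
param(
    [string]$Server  = 'FILESRV',             # assumption
    [string]$Share   = 'Share',               # assumption
    [string]$SubPath = 'Secret\report.doc',   # assumption
    [string]$User    = 'DOMAIN\username'      # assumption
)

# Identities that cover every authenticated account, so an ACE for them also applies to $User.
# Other group memberships of $User are not resolved here.
$BroadGroups = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')

# Share-level ACEs that apply to the user (Get-SmbShareAccess accepts a computer name for -CimSession).
function Get-ShareAceFor {
    param([string]$Server, [string]$Share, [string]$User)
    Get-SmbShareAccess -Name $Share -CimSession $Server |
        Where-Object { $_.AccountName -eq $User -or $_.AccountName -in $BroadGroups } |
        Select-Object AccountName, AccessControlType, AccessRight
}

# NTFS ACEs on the file itself, read through the UNC path.
function Get-NtfsAceFor {
    param([string]$UncPath, [string]$User)
    (Get-Acl -LiteralPath $UncPath).Access |
        Where-Object { $_.IdentityReference.Value -eq $User -or $_.IdentityReference.Value -in $BroadGroups } |
        Select-Object @{ n = 'Account'; e = { $_.IdentityReference.Value } },
                      AccessControlType, FileSystemRights, IsInherited
}

$unc   = "\\$Server\$Share\$SubPath"
$share = @(Get-ShareAceFor -Server $Server -Share $Share -User $User)
$ntfs  = @(Get-NtfsAceFor -UncPath $unc -User $User)

"Share-level ACEs on \\$Server\$Share relevant to $User :"
$share | Format-Table -AutoSize
"NTFS ACEs on $unc relevant to $User :"
$ntfs | Format-Table -AutoSize

# Effective access is the more restrictive of the two layers: an empty share list,
# or a Deny on either side, explains 'access denied' before EFS is involved.
if ($share.Count -eq 0) {
    Write-Warning "No share permission grants $User (or a broad group) any access to \\$Server\$Share."
}
if ($share | Where-Object AccessControlType -eq 'Deny') {
    Write-Warning "Share ACL contains a Deny for $User or one of its broad groups."
}
if ($ntfs | Where-Object AccessControlType -eq 'Deny') {
    Write-Warning "NTFS ACL contains a Deny for $User or one of its broad groups."
}
```

If both layers grant the account read access and the file is still unreadable only over the network, the problem is back in the EFS layer (delegation or the private key on the server), which is the distinction Roger's question is meant to draw.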
 