D
Dennis van der Meer
Hi,
I am currently studying to become a MCSA. One of the requirements is
knowing how to work with EFS.
To test around with Windows Server 2003 I created a VMWare setup that
contains a Windows Server 2003 Enterprise Edition and a Windows XP
Professional workstation.
On the server I created 2 users: Test1 and Test2.
The user Test2 was created by using a copy of Test1 and filling in the
blanks. I also create an OU called Administration and this is where
both user accounts reside.
On the server I created a share (share permissions: Full control, NTFS
permissions: Administration Change permissions).
On the client side I log in with user Test1. After this I go to the
share and create a folder, named "Encrypted". In this folder I simply
copy a few files and they are all encrypted afterwards (because I set
the folder properties to encrypted).
Then I want to share one of the files with user Test2 so he can open
the file too. So I go to the properties | Advanced | Details, and I
can clearly see that user Test1 is already able to view this file.
The Data Recovery Agent is the Administrator (default, and currently I
don't need this). So now I want to add Test2 to the list of users who
can transparently access the file so I click Add. In the Select User
dialog I don't see any other users (shouldn't Test2 be in this list
also?).
I have a few questions regarding this:
1. How is it that Test1 has a certificate (by default) and Test2
doesn't appear to have one?
2. Is there a way to give user Test2 a new certificate (issue a new
one) without setting up a CA on the server?
I can test the whole concept with the Administrator and Test1 (they
both have certificates) and I can add Test1 to the list of users who
can access a certain document. But Test2 doesn't appear anywhere.
Regards,
Dennis van der Meer
I am currently studying to become a MCSA. One of the requirements is
knowing how to work with EFS.
To test around with Windows Server 2003 I created a VMWare setup that
contains a Windows Server 2003 Enterprise Edition and a Windows XP
Professional workstation.
On the server I created 2 users: Test1 and Test2.
The user Test2 was created by using a copy of Test1 and filling in the
blanks. I also create an OU called Administration and this is where
both user accounts reside.
On the server I created a share (share permissions: Full control, NTFS
permissions: Administration Change permissions).
On the client side I log in with user Test1. After this I go to the
share and create a folder, named "Encrypted". In this folder I simply
copy a few files and they are all encrypted afterwards (because I set
the folder properties to encrypted).
Then I want to share one of the files with user Test2 so he can open
the file too. So I go to the properties | Advanced | Details, and I
can clearly see that user Test1 is already able to view this file.
The Data Recovery Agent is the Administrator (default, and currently I
don't need this). So now I want to add Test2 to the list of users who
can transparently access the file so I click Add. In the Select User
dialog I don't see any other users (shouldn't Test2 be in this list
also?).
I have a few questions regarding this:
1. How is it that Test1 has a certificate (by default) and Test2
doesn't appear to have one?
2. Is there a way to give user Test2 a new certificate (issue a new
one) without setting up a CA on the server?
I can test the whole concept with the Administrator and Test1 (they
both have certificates) and I can add Test1 to the list of users who
can access a certain document. But Test2 doesn't appear anywhere.
Regards,
Dennis van der Meer