EFS Registry Key Different on Different Machines

Thread starter: JH

We are trying to follow this file to read the Encrypted File System
settings:
http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/[MS-GPEF].pdf

So far we have two questions:

1. The file says that the registry keys for the EFS recovery agents are under:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\EFS\Certificates

We did some testing on two Windows XP machines by:
i) manually examining the registry structure in RegEdit
ii) traversing the registry structures with code, with the root key returned by the group policy object:

pGroupPolicyObject->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY);

hr = pGroupPolicyObject->GetRegistryKey(2, &hGPOSectionKey); // 2 == GPO_SECTION_MACHINE

On the first machine, both in RegEdit and in the display of the code, we see a key structure as described in the PDF file.

On the second machine, we see a key structure as described in the PDF file from RegEdit. However, in the code output, the keys exist in a different registry key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography\AutoEnrollment\SystemCertificates\CA\Certificates\CRLs\CTLs\EFS\Certificates

Is this by design? Or is it that we are not doing this right?


2. To read and write the EFS settings, is it necessary to use the \Software registry key handle that I get from pGroupPolicyObject->GetRegistryKey()? Can I instead directly access the registry by opening this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\EFS

It seems that with the \Software key we get from the GP object, we can only see the GP-related keys. Of course, if we open \Software directly with registry APIs, we see a whole bunch of others. So we assume that using the \Software key from the GP object is the correct way. Then we are rather confused by the fact that we are getting different key structures when using the GP \Software key than when we browse manually.

Thanks.
 
Sorry for cross-posting. I realize this probably isn't the right group to
post this question.
I just posted it again on microsoft.public.platformsdk.security.
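The post does not show its traversal code, so the cause of the second path cannot be settled from it; one thing worth checking before suspecting the policy hive is that the odd path has exactly the shape a recursive subkey walk produces when it appends each name to one shared path buffer and never trims it on return. The following is an added example, not the poster's code: the Win32 registry calls are replaced by a constructed in-memory map of the key names from the post, and both the documented path and the unexpected one are reproduced from the same tree.

```cpp
#include <map>
#include <string>
#include <vector>

// True key path (stands in for an open HKEY) -> names of its subkeys.
using Registry = std::map<std::string, std::vector<std::string>>;
const std::string kRoot = "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft";

// Constructed sample: a slice of the Policies hive using the key names from the post.
static Registry sampleRegistry() {
    return {{kRoot, {"Cryptography", "SystemCertificates"}},
            {kRoot + "\\Cryptography", {"AutoEnrollment"}},
            {kRoot + "\\SystemCertificates", {"CA", "EFS"}},
            {kRoot + "\\SystemCertificates\\CA", {"Certificates", "CRLs", "CTLs"}},
            {kRoot + "\\SystemCertificates\\EFS", {"Certificates"}}};
}

// Suspect pattern (assumed, not taken from the post): one shared path buffer that only
// grows. Each subkey name is appended and nothing is trimmed when the recursion returns,
// so names from earlier branches leak into the paths reported for later ones.
// reg[hkey] yields an empty list for leaf keys.
static void walkShared(Registry& reg, const std::string& hkey,
                       std::string& path, std::vector<std::string>& out) {
    for (const std::string& name : reg[hkey]) {
        path += "\\" + name;
        out.push_back(path);
        walkShared(reg, hkey + "\\" + name, path, out);
    }
}

// Fixed pattern: the display path is a fresh value per level, so returning from a
// subtree restores the parent's path by itself.
static void walkPerLevel(Registry& reg, const std::string& hkey,
                         const std::string& path, std::vector<std::string>& out) {
    for (const std::string& name : reg[hkey]) {
        std::string full = path + "\\" + name;
        out.push_back(full);
        walkPerLevel(reg, hkey + "\\" + name, full, out);
    }
}

// Every key path the chosen traversal reports; the last entry is EFS\Certificates.
std::vector<std::string> enumerate(bool perLevel) {
    Registry reg = sampleRegistry();
    std::vector<std::string> out;
    std::string path = kRoot;
    if (perLevel) walkPerLevel(reg, kRoot, path, out); else walkShared(reg, kRoot, path, out);
    return out;
}
```

enumerate(false).back() yields the Cryptography\AutoEnrollment\...\EFS\Certificates path quoted in the post, while enumerate(true).back() yields the path documented in [MS-GPEF]; both walks visit the same nine keys, only the reported names differ.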
 