R
Rob Rohrbough
I have some data I wish to encrypt. All of the CryptoAPI
strong algorithms are too slow. I am considering using
EFS (vs a third-party strong symmetric encryption like
Blowfish) on a Win2k Pro workstation in a peer-to-peer
network. The first basic test I ran showed that users on
other Win2k- or NT-based machines can still access the
files in the secured directory. Users on Win9x machines
were locked out as were other users (even with
administrative priviledges) on the same machine as the
files owner.
Here are more specifics: I have a partition, E:, which is
shared with all users on my network. I have created a
direcrory, SecTest, which I have encrypted and restricted
access from anyone but the owner of the directory. The NT
and Win2k machines are not accessing the file as the
owner. That is an option when connecting to a share, but,
AFAIK, I did not do that. I even created another
connection just to make sure I was not "connecting as".
Still could gain access.
Is this expected behavior? Is there a way to restrict
access to that directory from other machines on the LAN
short of putting the directory on a partition that is not
shared at all or by specific directory?
TIA,
Rob
strong algorithms are too slow. I am considering using
EFS (vs a third-party strong symmetric encryption like
Blowfish) on a Win2k Pro workstation in a peer-to-peer
network. The first basic test I ran showed that users on
other Win2k- or NT-based machines can still access the
files in the secured directory. Users on Win9x machines
were locked out as were other users (even with
administrative priviledges) on the same machine as the
files owner.
Here are more specifics: I have a partition, E:, which is
shared with all users on my network. I have created a
direcrory, SecTest, which I have encrypted and restricted
access from anyone but the owner of the directory. The NT
and Win2k machines are not accessing the file as the
owner. That is an option when connecting to a share, but,
AFAIK, I did not do that. I even created another
connection just to make sure I was not "connecting as".
Still could gain access.
Is this expected behavior? Is there a way to restrict
access to that directory from other machines on the LAN
short of putting the directory on a partition that is not
shared at all or by specific directory?
TIA,
Rob