Taurin
Greetings,
we're just playing around with EFS on a test DomainController.
Following set:
1 Windows 2000 DomainController with User-Management over the AD
1 Windows XP Client
1 3rd Party CA
I created both certificates for the user and the recovery agent,
placed the public key of the recovery agent in the group policy and
imported the P12-File containing public and private key of the user on
the client station, logged in as the domain user.
When I'm on the client and create a file on/copy a file to the shares
on the DC and encrypt and decrypt it using EFS it works. I wondered
how this could work, because EFS needs the private key of the user who
encrypts/decrypts the file, and there is no private key on the server.
I checked the local profiles on the _server_ and saw that each time I
access a shared folder located on the server with the client
containing an encrypted file, a local profile for the User is
automatically created on the server. It contains the keyset and e.g.
the temporary internet data. If I delete this local profile, each time
I access the folder again, it's copied again.
I searched the web for more information on this automatism but I
failed. So maybe one of you guys has more information on this
process for me?
THX!