How do I access EFS encrypted files over a network?

Hello, surprisingly I cannot find an answer to this problem.  I have a windows 2003 server in which I have applied EFS to a directory with sensitive data.  The problem is, another server and workstation cannot access these files even though they are using the same domain admin account.  A 2nd domain admin account is involved in which I created a certificate for that account and added it to the list of users that can access the files in the directory.  No effect.  Both security and sharing permissions allow full control of the encrypted directory for the domain admin accounts.

My question is, how do I access these files from the workstation after encrypting them?  Every solution I found so far does not work.  

Server with EFS share: Windows Server 2003 Enterprise
Workstation: Windows 7 Pro x64

Both are on Active Directory.  The server above is not the AD server by the way.

Attempting the access the encrypted file from the workstation results in access denied.  If I decrypt the file, I can access it from the workstation just fine.

LVL 17
bigeven2002Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

baraneCommented:
0
grayeCommented:
The problem is most likely that the server has not be configured to "act as a delegate" when using "foreign" credentials for EFS.  This is a simple Active Directory configuration change.

http://technet.microsoft.com/en-us/library/cc738491(WS.10).aspx

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bigeven2002Author Commented:
Ok I reviewed the techrepublic page and also set the encrypting server as a delegate.  No effect.  Access to the file is still denied from the workstation.
0
bigeven2002Author Commented:
Well looks like I spoke too soon, it did work after all, just took it a while for some reason.  Anyways I noticed that if you try to access an encrypted txt file on a share without the right certificate it will lock up Win7.  Not only that, but it disables modifying the file on the server too as it still thinks it is being used by another process.

POC: Create a text file on the server and then encrypt it and the folder.  Share the folder with everyone read only permissions.  Open the share on the workstation with a different user account, right-click on the file, the window immediately freezes.  Additionally after the freeze, you will be unable to click on anything in the start menu.  Only way to recover is to kill the explorer process and restart it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.