bigeven2002
asked on
How do I access EFS encrypted files over a network?
Hello, surprisingly I cannot find an answer to this problem. I have a windows 2003 server in which I have applied EFS to a directory with sensitive data. The problem is, another server and workstation cannot access these files even though they are using the same domain admin account. A 2nd domain admin account is involved in which I created a certificate for that account and added it to the list of users that can access the files in the directory. No effect. Both security and sharing permissions allow full control of the encrypted directory for the domain admin accounts.
My question is, how do I access these files from the workstation after encrypting them? Every solution I found so far does not work.
Server with EFS share: Windows Server 2003 Enterprise
Workstation: Windows 7 Pro x64
Both are on Active Directory. The server above is not the AD server by the way.
Attempting the access the encrypted file from the workstation results in access denied. If I decrypt the file, I can access it from the workstation just fine.
My question is, how do I access these files from the workstation after encrypting them? Every solution I found so far does not work.
Server with EFS share: Windows Server 2003 Enterprise
Workstation: Windows 7 Pro x64
Both are on Active Directory. The server above is not the AD server by the way.
Attempting the access the encrypted file from the workstation results in access denied. If I decrypt the file, I can access it from the workstation just fine.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Ok I reviewed the techrepublic page and also set the encrypting server as a delegate. No effect. Access to the file is still denied from the workstation.
ASKER
Well looks like I spoke too soon, it did work after all, just took it a while for some reason. Anyways I noticed that if you try to access an encrypted txt file on a share without the right certificate it will lock up Win7. Not only that, but it disables modifying the file on the server too as it still thinks it is being used by another process.
POC: Create a text file on the server and then encrypt it and the folder. Share the folder with everyone read only permissions. Open the share on the workstation with a different user account, right-click on the file, the window immediately freezes. Additionally after the freeze, you will be unable to click on anything in the start menu. Only way to recover is to kill the explorer process and restart it.
POC: Create a text file on the server and then encrypt it and the folder. Share the folder with everyone read only permissions. Open the share on the workstation with a different user account, right-click on the file, the window immediately freezes. Additionally after the freeze, you will be unable to click on anything in the start menu. Only way to recover is to kill the explorer process and restart it.
http://www.techrepublic.com/article/enhance-infrastructure-security-by-using-efs/5086990