EFS - No Certificate??

  • Thread starter Dennis van der Meer

Dennis van der Meer

Hi,

I am currently studying to become an MCSA. One of the requirements is
knowing how to work with EFS.
To test around with Windows Server 2003 I created a VMware setup that
contains a Windows Server 2003 Enterprise Edition and a Windows XP
Professional workstation.

On the server I created 2 users: Test1 and Test2.
The user Test2 was created by using a copy of Test1 and filling in the
blanks. I also created an OU called Administration and this is where
both user accounts reside.

On the server I created a share (share permissions: Full control, NTFS
permissions: Administration Change permissions).
On the client side I log in with user Test1. After this I go to the
share and create a folder, named "Encrypted". In this folder I simply
copy a few files and they are all encrypted afterwards (because I set
the folder properties to encrypted).

Then I want to share one of the files with user Test2 so he can open
the file too. So I go to the properties | Advanced | Details, and I
can clearly see that user Test1 is already able to view this file.
The Data Recovery Agent is the Administrator (default, and currently I
don't need this). So now I want to add Test2 to the list of users who
can transparently access the file so I click Add. In the Select User
dialog I don't see any other users (shouldn't Test2 be in this list
also?).

I have a few questions regarding this:
1. How is it that Test1 has a certificate (by default) and Test2
doesn't appear to have one?
2. Is there a way to give user Test2 a new certificate (issue a new
one) without setting up a CA on the server?

I can test the whole concept with the Administrator and Test1 (they
both have certificates) and I can add Test1 to the list of users who
can access a certain document. But Test2 doesn't appear anywhere.


Regards,

Dennis van der Meer
 

Paul Adare

microsoft.public.win2000.security news group, Dennis van der Meer
> 1. How is it that Test1 has a certificate (by default) and Test2
> doesn't appear to have one?

Test1 has encrypted at least one file, therefore a self signed
certificate has been issued for that user.

> 2. Is there a way to give user Test2 a new certificate (issue a new
> one) without setting up a CA on the server?

Have Test2 encrypt a file on the server.

Search microsoft.com for EFS and you'll find tons of info on it.
 

Dennis van der Meer

Thank you very much. This did the trick. I thought that at first
logon this self signed certificate would be created but now I know
this is not the case.
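
The behaviour described in this thread (no EFS certificate exists for a user until that user first encrypts a file) can be checked directly. The following is an added example, not part of the original thread: it lists certificates carrying the Encrypting File System key usage in the personal store of the profile it runs in. It assumes Windows PowerShell is installed; the function name `Get-EfsCertificate` is made up for this example.

```powershell
# Added example (not from the thread): report EFS certificates for the
# user running the script. Run it as the user in question (e.g. Test2),
# on the machine that holds that user's profile, before and after the
# user encrypts a first file.

# Enhanced Key Usage OID for "Encrypting File System"
$EfsOid = '1.3.6.1.4.1.311.10.3.4'

# Hypothetical helper name, chosen for this example.
function Get-EfsCertificate {
    foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
        # Collect the OIDs from the Enhanced Key Usage extension, if any.
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        if ($ekus -contains $EfsOid) {
            # Subject equal to Issuer marks the self-signed certificate
            # that EFS generates when no CA is available.
            $cert | Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter,
                @{ Name = 'SelfSigned'; Expression = { $_.Subject -eq $_.Issuer } }
        }
    }
}

$found = @(Get-EfsCertificate)
if ($found.Count -eq 0) {
    Write-Output "No EFS certificate found for $env:USERNAME in this profile."
    Write-Output "One is created the first time this user encrypts a file."
} else {
    $found | Format-List
}
```

The check only covers the certificate store of the profile it runs in; for files encrypted on a server share, run it in the user's session on that server.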
 
