EFS / Standard File Sharing

[Stefan]

Hi,

I have a small workgroup consisting of XP Pro desktops.

I have set up one machine as a simple
file/printer 'server' with STANDARD file sharing options
enabled.

This enables me to use SHARE and NTFS permissions (on
the 'server') to allow logged on users on the 'clients'
to access data shares on the server. i.e. User
FRED/Password:zub on a 'client' can access User
FRED/Password:zub shares on the 'server'. This all works
fine except when I switch on EFS on the server share.

Is there any way I can use EFS from the 'client' without
having to get into domains and ActiveDirectory?

(I don't care about unencrypted transfer over the LAN. I
just want to keep the shares encrypted on the 'server'
but accesable from the 'clients')

Many thanks, Stefan

 

[Torgeir Bakken \(MVP\)]

This enables me to use SHARE and NTFS permissions (on
the 'server') to allow logged on users on the 'clients'
to access data shares on the server. i.e. User
FRED/Password:zub on a 'client' can access User
FRED/Password:zub shares on the 'server'. This all works
fine except when I switch on EFS on the server share.

Is there any way I can use EFS from the 'client' without
having to get into domains and ActiveDirectory?

(I don't care about unencrypted transfer over the LAN. I
just want to keep the shares encrypted on the 'server'
but accesable from the 'clients')

Hi

This might work:

For a network file encrypted with EFS you need to add every user
that is to access this file using the file properties GUI:

http://support.microsoft.com/?kbid=324897#22

More here:

http://groups.google.com/[email protected]


You would of course need to export the private EFS certificate from
the 'server' and import it on all the other computers.

 

[Stefan Gmaj]

Thanks,

I'll try it...

Regards, Stefan

-----Original Message-----

Hi

This might work:

For a network file encrypted with EFS you need to add every user
that is to access this file using the file properties GUI:

http://support.microsoft.com/?kbid=324897#22

More here:

http://groups.google.com/groups?threadm=0de001c3df12% 2416a037b0%24a401280a%40phx.gbl


You would of course need to export the private EFS certificate from
the 'server' and import it on all the other computers.



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/de fault.mspx
.

 

[Stefan]

It seems it would still be impossible to write a new file
to an encrypted folder on a XP Pro system 'server' (from
an XP Pro 'client') :-(

[I will still try it though with certificates imported to
the 'clients' and I will report back ]

Regards, Stefan

 

[Guest]

Any idea which certificates I need to import to the Client?

Thanks, Stefan

 

[Drew Cooper [MSFT]]

I answered the re-post. Didn't see this one earlier.

EFS over SMB only works when the remote server is trusted for delegation.
This requires AD. Without a domain, you can't do this.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

It seems it would still be impossible to write a new file
to an encrypted folder on a XP Pro system 'server' (from
an XP Pro 'client') :-(

[I will still try it though with certificates imported to
the 'clients' and I will report back ]

Regards, Stefan

-----Original Message-----

Hi

This might work:

For a network file encrypted with EFS you need to add every user
that is to access this file using the file properties GUI:

http://support.microsoft.com/?kbid=324897#22

More here:

http://groups.google.com/groups?threadm=0de001c3df12% 2416a037b0%24a401280a%40phx.gbl


You would of course need to export the private EFS certificate from
the 'server' and import it on all the other computers.



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/de fault.mspx
.