When using EFS on DC, a user profile is automatically generated on the server

Taurin

Greetings,

we're just playing around with EFS on a test DomainController.

Following set:
1 Windows 2000 DomainController with User-Management over the AD
1 Windows XP Client
1 3rd Party CA

I created both certificates for the user and the recovery agent,
placed the public key of the recovery agent in the group policy and
imported the P12-File containing public and private key of the user on
the client station, logged in as the domain user.

When I'm on the client and create a file on/copy a file to the shares
on the DC and encrypt and decrypt it using EFS it works. I wondered
how this could work, because EFS needs the private key of the user who
encrypts/decrypts the file, and there is no private key on the server.
I checked the local profiles on the _server_ and saw that each time I
access a shared folder located on the server with the client
containing a crypted file, a local profile for the User is
automatically created on the server. It contains the keyset and e.g.
the temporary internet data. If I delete this local profile, each time
I access the folder again, it's copied again.

I searched the web for more information on this automatism but I
failed. So maybe someone of you guys has more information on this
process for me?

THX!
 
Taurin

But I don't have roaming profiles. The profiles of the users are
stored on their local machines. Only if I use EFS with that user, the
profile is copied from the local machine to the server containing the
private key set of the user.
 
Taurin

!! Please forget my previous posting, I suppose it was too late at
night for me :) !!
But I still can't see suitable information in the MSKB Article you
linked to. Ain't there a description for this behavior? Like "if you
use EFS on your DC and you don't have the encrypting user's profile on
the DC, it'll be copied from the client to the server automatically"?
 
