jcastillop
MIS
I'm doing some testing with EFS but I cannot get it to work correctly. I'm stumped, because in theory, from what I read, encrypting and selecting users who can decrypt is a pretty basic process.
Our Certification Authority is installed on one of our Windows 2003 Domain Controllers.
I encrypt a file on another W2003 Server, and select the users who can decrypt it (these users have previously requested EFS or USER certificates using the CA's web interface).
I set up a share, so the file can be accessed over the network, and assign full permissions for both the share and NTFS Security for the users in question.
However, when these users try to open the file, they get the "Access Denied" message.
On the other hand, I have found that it works if I do the following:
A user who has not requested a certificate from the CA encrypts a file on the server (this automatically generates an EFS certificate for the user). If I now give this user decryption permissions for my file, they are able to open it with no problem. HOWEVER, if I encrypt a file on another server, and give this user decrypt permissions, they also get the "access denied" message when they try to open that file.
I don't think it's supposed to work this way!!!! Because it would mean that before users can be assigned decryption permissions, they will firstly have to encrypt one of their own files on that same server!!!
Does anyone have any clue as to what I'm leaving out? Like I said, I am completely stumped with this one.
Thanks in advance for your help