Posted by Miha Pihler [MVP] on December 5, 2005, 2:33 pm
Not sure what solution you are looking for, but for the copy operation to be
successful the file must be decrypted first (this is how EFS works and
protects data -- anything else would be sort of security bypass and would
beat the purpose of EFS).
This means that user must have private keys corresponding to the private key
that encrypted the files. Once the files are copied to the other computer
(they are copied over the network _unencrypted_) they are again encrypted on
the end server if the folder where you are copying them has encrypt
attribute set... This could again cause some problems since the files must
be encrypted with same keys as before they were copied or user will fail to
access the content of the files...
Also you mentioned that you have a way to export the keys. Think about
this -- especially how keys are protected in this case? Aren't you lowering
the level of security by doing this?
The only really "good" solution that I see here is backup and restore using
software that knows how to "deal" with EFS encrypted files (e.g. ntbackup).
In this case user doing the backup and restore operation doesn't need to
decrypt the files first and encrypt them once the files are copied. The only
permission that user needs in this case is backup permission. Also -- files
are encrypted even when copied over the network.
--
Mike
Microsoft MVP - Windows Security
> Hi All,
> In my environment EFS has just been rolled out. I do not have the back
> office specifics, but need to be able to copy data from one machine to
> another in an efficient manner. We have a mechanism to export and import
> cert.
> 1. Drive to drive data is copied and EFS is maintained. But on laptops this
> means taking drives out of machines and we do not want to do that.
> 2. It seems that if you copy the files to a location that is on the
> machine's bus, or a local drive, EFS is maintained.
> 3. We have tried other methods including backup and restore solutions and
> winzip. All are much slower than a direct copy of course.
>
> So is there any other way to copy EFS files from one user machine to
> another and maintain the encryption over a crossover cable or peer-to-peer copy?
>
> Thanks.
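
A check for the behaviour described in the reply above (files are decrypted for the copy and only re-encrypted when the destination folder has the encrypt attribute set), as an added example that is not part of the original thread: a PowerShell function that lists files that were EFS-encrypted at the source but are missing or stored unencrypted at the destination. The function name and the sample paths are hypothetical.

```powershell
# Added example (not from the thread): audit a finished copy for files that
# carried the EFS Encrypted attribute at the source but not at the destination.
function Get-EfsCopyGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SourceRoot,
        [Parameter(Mandatory)][string]$DestinationRoot
    )
    $enc = [System.IO.FileAttributes]::Encrypted
    $src = (Resolve-Path -LiteralPath $SourceRoot).ProviderPath.TrimEnd('\')
    $dst = (Resolve-Path -LiteralPath $DestinationRoot).ProviderPath.TrimEnd('\')

    Get-ChildItem -LiteralPath $src -Recurse -File -Force | ForEach-Object {
        # Reading attributes does not require the user's EFS private key.
        if (($_.Attributes -band $enc) -ne $enc) { return }  # skip non-EFS files

        $relative = $_.FullName.Substring($src.Length).TrimStart('\')
        $target   = Join-Path $dst $relative

        $status = if (-not (Test-Path -LiteralPath $target)) {
            'Missing'
        } elseif (((Get-Item -LiteralPath $target -Force).Attributes -band $enc) -eq $enc) {
            'Encrypted'
        } else {
            'Plaintext'   # landed in a folder without the encrypt attribute
        }
        [pscustomobject]@{ File = $relative; Destination = $status }
    } | Where-Object { $_.Destination -ne 'Encrypted' }
}

# Constructed sample paths; replace with the real source and destination roots.
# Get-EfsCopyGap -SourceRoot 'D:\UserData' -DestinationRoot 'E:\Migrated\UserData'
```

An empty result means every EFS file from the source is present and still flagged as encrypted at the destination; it does not show which key the destination copy was encrypted with.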