Home > Enterprise Desktop Tips > > Problems accessing encrypted files on remote servers
Enterprise Desktop Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 


Problems accessing encrypted files on remote servers


Brien M. Posey, MCSE
08.07.2007
Rating: --- (out of 5)


Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


Microsoft Windows' Encrypting File System (EFS) allows you to encrypt files on a remote server, helping to prevent sensitive data from being disclosed. EFS tends to be pretty straightforward when it is used to encrypt files on a local hard drive, but it can behave a bit unexpectedly when you attempt to encrypt files residing on a shared network volume.

The most common problems with decrypting remote files stem from the inability to locate the user's profile and the private keys that it contains. Problems can also result if the server that's hosting the encrypted files does not support delegation.

Symptoms of decryption problems

The biggest problem regarding the use of encrypted files on shared network volumes is that users may have trouble decrypting the files once they have encrypted them. When Windows fails to decrypt remotely stored files, users won't typically see an error message citing decryption problems. Instead, a user will receive a simple Access Denied message.

Why did decryption fail?

In order to understand the possible causes of a decryption failure, you need to understand what's going on when EFS decrypts files that are stored on a network volume. Here are the basic steps taken:

That's the process in a nutshell. With this in mind, you can see that there are two basic areas in which the decryption process can break down. EFS can have trouble locating the user's profile (which contains the user's private key), or it can have p


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


roblems impersonating the user.

User profile problems

Assuming that the user's private keys have not been deleted, profile-related problems usually revolve around a user logging in from a different computer. If a user logs on to a computer other than the one he normally uses, his profile is left behind. Microsoft Windows will create a profile for the user when he logs on to the new machine, but the profile will not contain the user's private keys.

The solution to this problem is to use roaming profiles. This ensures that the user's private keys follow the user from computer to computer.

Delegation problems

As mentioned earlier, EFS must impersonate the user because the user is not logged on locally to the server that contains the encrypted files. If a user has access to the correct profile, but decryption still fails, then the problem may be delegation related.

To find out whether this is the case, follow these steps:

Figure A
[IMAGE]
The server that's hosting the encrypted files must support delegation.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

Rate this Tip
To rate tips, you must be a member of SearchEnterpriseDesktop.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Enterprise Desktop Security - Virus Protection, Malware Protection, Intrusion Detection
HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts