Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Encrypting remote files with EFS

from [Depp, Dennis M.] Network Security [Permanent Link]
Subject: RE: Encrypting remote files with EFS
Date: Wed, 11 May 2005 07:37:22 -0400 
The files on the server should be encrypted.  However, they would be
decrypted on the server and sent over the wire unencrypted.

Dennis
 

-----Original Message-----
From: Bruce K. Marshall [mailto:bkmlstsgohere@comcast.net] 
Sent: Tuesday, May 10, 2005 4:28 PM
To: Zack Schiel
Cc: focus-ms@securityfocus.com
Subject: Re: Encrypting remote files with EFS

Zack,

My suspicion would be that the files on the suspect servers are not
actually 
encrypted.  The behavior is not consistent with my experience or 
expectations.

Have you verified that the encrypted attribute is still set on files
while 
on the server?

----
Bruce K. Marshall - bmarshall@securityps.com
Security PS - Kansas City



----- Original Message ----- 
From: "Zack Schiel" <ZSchiel@blueandco.com>
To: <focus-ms@securityfocus.com>
Sent: Tuesday, May 10, 2005 9:03 AM
Subject: Encrypting remote files with EFS


We are in the midst of deploying EFS to protect specific folders on
laptop 
hard drives. We want EFS used only for that purpose-locally; as such, we
do 
not want users to have the ability to encrypt files that are residing on

file servers. According to my understanding of EFS, which seems to be 
confirmed by the quote below from Windows help, users shouldn't be able
to 
do so unless we specifically enable file server(s) to be trusted for 
delegation in AD.

"In a domain environment, remote encryption is not enabled by default.
To 
enable encryption for a specific computer, your network administrator
can 
make that computer trusted for delegation. For more information, consult

your network administrator."

However, some of our servers are allowing files to be encrypted and 
decrypted remotely-and these servers are *not* marked as trusted for 
delegation in AD. Further, the user that encrypted the file can scoot
over 
to another PC, log in as themselves, and access the file-and we have no
CA 
infrastructure in place; these are locally-generated EFS certificates
that 
do not chain back past the local client machine. The certificate
thumbprints 
in the personal store for the user account on the two PCs do not match,
yet 
they can access the file just the same, while other user accounts
cannot.

I'm thoroughly confused by this behavior, and would appreciate any
experts 
chiming in and cluing me in as to why 1) some servers are allowing
remote 
encryption, while others are not, and 2) why locally-generated EFS certs
are 
behaving this way.

Our environment:
-Windows 2000 native-mode domain
-All DCs are Win2k, file servers are a 2k/2003 mix
-Clients are 2000/XP; the OS of the client/server doesn't seem to 
matter-some 2k3 servers allow remote encryption, some don't, and some
2000 
servers allow, while others don't.

Thanks,

-Zack-



------------------------------------------------------------------------
---
------------------------------------------------------------------------
---



------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Encrypting remote files with EFS, jbaskerville
Next by Date:  Re: To disable SMB packet and secure channel signing enforcement on Windows Server 2003-based domain controllers, gjl
Previous by Thread:  Re: Encrypting remote files with EFS, jbaskerville
Next by Thread:  RE: Encrypting remote files with EFS, Depp, Dennis M.
Indexes:  [Date] [Thread] [Top] [All Lists]