Sharing encrypted folder

[Guest DPM]

Environment: Server2008-x64 enterprise, XPpro SP2 client.

 

 

I want to set up a shared encrypted folder on Server2008, so I:

1.. Logged on the server as admin and created folder "secure", marked it

as encrypted.

2.. This new encrypted folder inherited full-control access permissions

from user x.

3.. I go to my XP machine, map a network drive to "secure" using user x.

So far, so good.

4.. I try to write a file to "secure"; permission is denied.

5.. I then go back to the server and copy the file to "secure" - no

problem.

6.. On XP I export x's certificate (both keys) and successfully import it

into the server.

7.. On the server I try to add x's certificate to the file; I click "add",

select x's certificate and click OK. Result: no error message, but x is not

added.

What's the problem here? Why won't S2008 add the certificate, and if there's

a problem why no error message? Is this a known bug?

 

If I turn encryption off x can access the folder normally, so this is

definitely encryption-related.

 

Is there a way to allow user x on the XP box to use the secure folder just

like any other shared folder? It's a pain to have to add x's cert to every

file manually.

 

 

What am I doing wrong here?

 

 

Thanks,

Dean

[Guest Martin Rublik]

Re: Sharing encrypted folder

 

I suppose you're using SMB (not Web DAV) to access the folder.

 

If you use SMB you need to:

1. Set the server to be trusted for delegation

2. You can import the user's certificate and private key so a user doesn't have

more key pairs. If you don't import the certificate and key pair a new key pair

will be generated and stored in the user's profile on the server.

 

Decryption and encryption process is taking place on the machine where the share

is located (server). The file is sent over the network in clear text.

 

More info can be found here http://technet.microsoft.com/en-us/library/bb457065.aspx

 

HTH

 

 

Martin

 

DPM wrote:

> Environment: Server2008-x64 enterprise, XPpro SP2 client.

>

>

> I want to set up a shared encrypted folder on Server2008, so I:

> 1.. Logged on the server as admin and created folder "secure", marked it

> as encrypted.

> 2.. This new encrypted folder inherited full-control access permissions

> from user x.

> 3.. I go to my XP machine, map a network drive to "secure" using user x.

> So far, so good.

> 4.. I try to write a file to "secure"; permission is denied.

> 5.. I then go back to the server and copy the file to "secure" - no

> problem.

> 6.. On XP I export x's certificate (both keys) and successfully import it

> into the server.

> 7.. On the server I try to add x's certificate to the file; I click "add",

> select x's certificate and click OK. Result: no error message, but x is not

> added.

> What's the problem here? Why won't S2008 add the certificate, and if there's

> a problem why no error message? Is this a known bug?

>

> If I turn encryption off x can access the folder normally, so this is

> definitely encryption-related.

>

> Is there a way to allow user x on the XP box to use the secure folder just

> like any other shared folder? It's a pain to have to add x's cert to every

> file manually.

>

>

> What am I doing wrong here?

>

>

> Thanks,

> Dean

>

>