trusted for delegation; encrypt folder on file server

techstress

I created a folder in my user home folder and tried to set it to
encrypt the contents (EFS). This was performed from an XP workstation
on a Windows domain. The folder was created on the company's file
server. An error message was displayed and research showed that the
workstation should have trusted for delegation checked in Users and
Computers. I'm having a tough time finding out what the impact of
setting trusted for delegation has for a workstation on the domain.

Also, I'm wondering if our backup software will still be able to
back up and recover this folder. The backup software uses a different
user account.
 
DaveMills

On Sat, 10 Oct 2009 14:57:29 -0700 (PDT), techstress
wrote:

>I created a folder in my user home folder and tried to set it to
>encrypt the contents (EFS). This was performed from an XP workstation
>on a Windows domain. The folder was created on the company's file
>server. An error message was displayed and research showed that the
>workstation should have trusted for delegation checked in Users and
>Computers. I'm having a tough time finding out what the impact of
>setting trusted for delegation has for a workstation on the domain.
>
>Also, I'm wondering if our backup software will still be able to
>back up and recover this folder. The backup software uses a different
>user account.


The backup software should treat the file as a binary blob. It can copy it but
not understand what is in it.
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.
 
Anteaus

You do not say if you are the network admin, but if not then I would have
second thoughts about doing this kind of thing without permission.

In any event, EFS is a very dangerous tool, and one which is responsible for
numerous catastrophic data losses. One of the issues is (as you surmise)
that it may not be possible to recover data from a backup unless special
considerations are implemented regarding the encryption keys. Unless you have
a genuine need for high security I'd leave it alone.

"techstress" wrote:

> I created a folder in my user home folder and tried to set it to
> encrypt the contents (EFS). This was performed from an XP workstation
> on a Windows domain. The folder was created on the company's file
> server. An error message was displayed and research showed that the
> workstation should have trusted for delegation checked in Users and
> Computers. I'm having a tough time finding out what the impact of
> setting trusted for delegation has for a workstation on the domain.
>
> Also, I'm wondering if our backup software will still be able to
> back up and recover this folder. The backup software uses a different
> user account.
>
 
Marcin

The security implications of such an approach are described quite eloquently by
Bill Boswell in this article -
http://www.informit.com/articles/article.a...=19476&seqNum=3
Backed up files remain encrypted on the media - your backup simply needs to
run in the security context of an account which is a member of the local Backup
Operators group...

hth
Marcin

"techstress" wrote in message
news:4bb39790-04d5-445a-b239-6ac27f3a7b7d@b15g2000yqd.googlegroups.com...
>I created a folder in my user home folder and tried to set it to
> encrypt the contents (EFS). This was performed from an XP workstation
> on a Windows domain. The folder was created on the company's file
> server. An error message was displayed and research showed that the
> workstation should have trusted for delegation checked in Users and
> Computers. I'm having a tough time finding out what the impact of
> setting trusted for delegation has for a workstation on the domain.
>
> Also, I'm wondering if our backup software will still be able to
> back up and recover this folder. The backup software uses a different
> user account.
 
techstress

Thank you everyone for the replies. I'm the admin of these
computers and am looking to test certain functionality. I was thinking
to enhance access control by adding EFS. I've seen misconfigurations
being made to ACLs that could expose data. I wanted to use EFS to
only allow access to a particular user account. It seems risky
though. I would be sure to create and regularly back up the recovery
keys. But trusted for delegation sounds dangerous. I'd like to see
additional measures in place as well.

Once again thanks for the info. It's been a big help.
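
Added example, not part of any poster's message: a PowerShell check for the "trusted for delegation" setting discussed in this thread, listing which computer accounts carry the delegation bits and marking non-domain-controllers for review. The function name, account names and sample values are constructed for illustration; the commented Get-ADComputer line assumes the ActiveDirectory module is installed.

```powershell
# Added example: decode the delegation bits in userAccountControl.
$DelegationFlags = @{
    SERVER_TRUST_ACCOUNT           = 0x2000      # account is a domain controller
    TRUSTED_FOR_DELEGATION         = 0x80000     # the "trusted for delegation" checkbox
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000   # protocol transition
}

function Get-DelegationFinding {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Account
    )
    process {
        $value         = [int]$Account.userAccountControl
        $isDc          = ($value -band $DelegationFlags.SERVER_TRUST_ACCOUNT) -ne 0
        $unconstrained = ($value -band $DelegationFlags.TRUSTED_FOR_DELEGATION) -ne 0
        $transition    = ($value -band $DelegationFlags.TRUSTED_TO_AUTH_FOR_DELEGATION) -ne 0

        # Domain controllers carry the flag by default; any other account with it
        # set is worth checking against a documented business need.
        [pscustomobject]@{
            Name               = $Account.Name
            IsDomainController = $isDc
            TrustedForDeleg    = $unconstrained
            ProtocolTransition = $transition
            DelegatesTo        = @($Account.'msDS-AllowedToDelegateTo') -join ', '
            NeedsReview        = $unconstrained -and -not $isDc
        }
    }
}

# Constructed sample records (not taken from a real directory).
$sample = @(
    [pscustomobject]@{ Name = 'DC01';      userAccountControl = 532480;   'msDS-AllowedToDelegateTo' = $null }
    [pscustomobject]@{ Name = 'XPWS-014';  userAccountControl = 528384;   'msDS-AllowedToDelegateTo' = $null }
    [pscustomobject]@{ Name = 'XPWS-015';  userAccountControl = 4096;     'msDS-AllowedToDelegateTo' = $null }
    [pscustomobject]@{ Name = 'FILESRV01'; userAccountControl = 16781312; 'msDS-AllowedToDelegateTo' = 'cifs/BACKUP01.example.test' }
)
$sample | Get-DelegationFinding | Format-Table -AutoSize

# Against a live domain (assumes the ActiveDirectory module):
# Get-ADComputer -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=524288)' `
#     -Properties userAccountControl, 'msDS-AllowedToDelegateTo' | Get-DelegationFinding
```

In the constructed sample only XPWS-014 comes back with NeedsReview set: it has the delegation flag without being a domain controller.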
 