Re: migrate encrypted shared folder



I tried to copy the profile from the old server to the new one, but the
profile is recreated again with a different name - user.domain. And the
file was encrypted with another key too.


Miha Pihler [MVP] wrote:
Hi,

Try moving users' profiles from the old server to the new server. You can try
backing them up and restoring them on the new server.

How EFS works over the network: When users copy EFS encrypted files from
their computers to a file server, the file will first be decrypted and copied
in clear text over the network. Once on the server it will be encrypted if the
folder where it was copied to was marked for encryption. At this point the
server will check if the user has any keys that can be used for encryption (it
checks the user's profile). If the user does not have a profile or a key -- a
profile is created at this point and e.g. self-signed EFS keys are generated
(if there is no CA server on the network). This is why you can see a lot of
profiles on the server even when users never logged on to the server locally.

If you only do a backup of EFS encrypted files and restore them to another
server -- you left EFS encryption keys on old server and users won't be able
to open their files...

--
Mike
Microsoft MVP - Windows Security

<pakozdy@xxxxxxxx> wrote in message
news:1159990502.435285.58210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
hello ...

I need to move a shared folder with encrypted files from the old to the new
server. I use these steps:

- backup shared folder with ntbackup
- set new server as Trusted for delegate ..
- restore backup to new server

and now the encrypted files are encrypted with another key, not the same as
on the old server. After the restore on the new server I found in the
"Documents and settings" folder a new profile for the owners of the encrypted
files. These owners never log on to the new server locally.
I can decrypt the files with the recovery agent correctly.

What's wrong? What's the correct way to migrate shared encrypted files?

thank you
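
Added example, not part of the thread: a check that compares the EFS certificate thumbprints on each file before and after a migration, to spot files that were re-encrypted under a newly generated key as described above. It assumes the text layout printed by `cipher /c` on Windows Vista and later; the sample output, names and thumbprints are constructed, and `parse_cipher_c` and `rekeyed_files` are hypothetical helper names.

```python
import re

# Constructed sample, laid out like `cipher /c <file>` output (assumed layout).
ENTRY = """\
E {name}
  Users who can decrypt:
    CORP\\alice [alice(alice@CORP)]
    Certificate thumbprint: {user}

  Recovery Certificates:
    CORP\\Administrator [Administrator(Administrator@CORP)]
    Certificate thumbprint: {dra}
"""
DRA = "AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333"
OLD_KEY = "1111 2222 3333 4444 5555 6666 7777 8888 9999 0000"
NEW_KEY = "9F9F 8E8E 7D7D 6C6C 5B5B 4A4A 3939 2828 1717 0606"
OLD = (ENTRY.format(name="report.doc", user=OLD_KEY, dra=DRA)
       + ENTRY.format(name="notes.txt", user=OLD_KEY, dra=DRA))
# On the new server report.doc was re-encrypted under a freshly generated key.
NEW = (ENTRY.format(name="report.doc", user=NEW_KEY, dra=DRA)
       + ENTRY.format(name="notes.txt", user=OLD_KEY, dra=DRA))

THUMB = re.compile(r"Certificate thumbprint:\s*([0-9A-Fa-f ]+)")

def parse_cipher_c(text):
    """Map file name -> {'users': set, 'recovery': set} of thumbprints."""
    files, name, section = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if line.startswith("E "):              # start of an encrypted file entry
            name, section = stripped[2:].strip(), None
            files[name] = {"users": set(), "recovery": set()}
        elif stripped.startswith("Users who can decrypt"):
            section = "users"
        elif stripped.startswith("Recovery Certificate"):
            section = "recovery"
        elif name and section:
            m = THUMB.search(stripped)
            if m:                              # normalise: no spaces, upper case
                files[name][section].add(m.group(1).replace(" ", "").upper())
    return files

def rekeyed_files(old_text, new_text):
    """Files present on both servers whose user thumbprints changed."""
    old, new = parse_cipher_c(old_text), parse_cipher_c(new_text)
    return sorted(f for f in old
                  if f in new and old[f]["users"] != new[f]["users"])
```

A file listed by `rekeyed_files` with an unchanged recovery thumbprint is in the state the original post describes: the recovery agent can still decrypt it, but it is no longer tied to the key held in the owner's profile on the old server.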

