RE: EFS Migration



Hi Frederick,

Thanks for posting!

Windows 2000 EFS stores its encryption keys in the PStore, making
additional steps required to ensure continued access to encrypted files
after the migration.

To prevent users from losing access to their encrypted files, one of two
actions must be taken prior to the first user or computer migration.

1. All users' private encryption keys must be exported and securely stored,
then later imported into the new user account PStore in the target domain.
This can be done manually or via third-party utility.

2. All files encrypted with EFS must be decrypted and then re-encrypted
following the migration.

Note: The old PStore file is preserved, so it is possible that a Microsoft
or third-party utility could recover the data using CryptoAPI.

Hope the information helps. If there is anything that is unclear, please
feel free to let me know.

Thanks & Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: EFS Migration
| From: =?Utf-8?B?RnJlZGVyaWNr?= <Frederick@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: EFS Migration
| Date: Tue, 12 Jul 2005 10:03:05 -0700
| Newsgroups: microsoft.public.windows.server.migration
|
| Are there any best practices for migrating an EFS encrypted folder from one
| domain to the next? I am using ADMT to migrate users/computers/profiles from
| an NT 4.0 domain to a W2K3 domain, and this is one of my challenges.
|
| TIA
|
| //FC
|
| Frederick Czajka
|
