Re: Encrypted files do they work for backups?
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Mon, 05 Sep 2005 12:55:42 GMT
Hi Russ,
Thanks for your update!
I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!
Ok, I will wait for you . If there is anything unclear with my previous
reply, please do not hesitate to let me know. I will stand by and want for
your reply.
Have a nice day!
Best Regards,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <u5MbBvAqFHA.2628@xxxxxxxxxxxxxxxxxxxx>
<XW7ggPKqFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
<uln5YBOqFHA.2968@xxxxxxxxxxxxxxxxxxxx>
<$oEexmVqFHA.1204@xxxxxxxxxxxxxxxxxxxxx>
<OHGqrsErFHA.1788@xxxxxxxxxxxxxxxxxxxx>
<j9d5L8IrFHA.472@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Encrypted files do they work for backups?
>Date: Fri, 2 Sep 2005 08:18:04 -0700
>Lines: 442
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>Message-ID: <e47PGG9rFHA.1028@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: c-67-171-186-13.hsd1.or.comcast.net 67.171.186.13
>Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP
08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:150262
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I'm going to test it out myself on my own test SBS Server.
>(However Do to my working Schedule it may be Monday (oh that's a Holiday)
>
>Well it may be Monday anyway that I get a chance to do it..
>
>Thanks for the Persistence...
>
>Russ
>
>--
>Russ Grover
>Small Business IT Support
>SBS Rocks!
>Portland/Beaverton OR
>Email: Sales at SmallBusinessITSupport.com
>Website: http://www.SmallBusinessITSupport.com
>
>
>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:j9d5L8IrFHA.472@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi Russ,
>>
>> Thanks for you update!
>>
>> Just as I said in my previous post, the encrypted file can be decrypted
by
>> the user account who encrypts the file, whichever you are administrator
or
>> domain user. In your now scenario, you need follow my 3rd step to recover
>> the encrypted file in my previous post.
>>
>> I appreciate you time and effort. I am currently standing by for you
>> about
>> the test result. I am always happy to be of further assistance.
>>
>> Have a nice day!
>>
>> Best Regards,
>>
>> Jenny Wu
>> Microsoft CSS Online Newsgroup Support
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
>> the
>> "Notify me of replies" box to receive e-mail notifications when there are
>> any updates in your thread. When responding to posts via your newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
>> doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>>References: <u5MbBvAqFHA.2628@xxxxxxxxxxxxxxxxxxxx>
>> <XW7ggPKqFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
>> <uln5YBOqFHA.2968@xxxxxxxxxxxxxxxxxxxx>
>> <$oEexmVqFHA.1204@xxxxxxxxxxxxxxxxxxxxx>
>>>Subject: Re: Encrypted files do they work for backups?
>>>Date: Sun, 28 Aug 2005 20:38:45 -0700
>>>Lines: 314
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>X-RFC2646: Format=Flowed; Original
>>>Message-ID: <OHGqrsErFHA.1788@xxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.sbs
>>>NNTP-Posting-Host: c-67-171-186-13.hsd1.or.comcast.net 67.171.186.13
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:148643
>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>
>>>Sorry for the Delay...
>>>
>>>Well since it's a Backup Drive it's NTFS since the server is over 4GB...
>>>The File is encrypted by the administrator. so no it's not a roaming
>>>profile.
>>>
>>>I guess I thought this was a straight forward question....
>>>
>>>If I use the administrator account, and I encrypt it EFS on a External
>> Drive
>>>NTFS
>>>And the server dies...
>>>I do a recovery...
>>>
>>>Will I be able to access the backup?
>>>
>>>Russ?
>>>
>>>--
>>>Russ Grover
>>>Small Business IT Support
>>>SBS Rocks!
>>>Portland/Beaverton OR
>>>Email: Sales at SmallBusinessITSupport.com
>>>Website: http://www.SmallBusinessITSupport.com
>>>
>>>
>>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>news:$oEexmVqFHA.1204@xxxxxxxxxxxxxxxxxxxxxxxx
>>>> Hi Russ,
>>>>
>>>> Thanks for your update!
>>>>
>>>> Before we go further, please help me confirm some information:
>>>>
>>>> 1. What is your USB drive format? NTFS or FAT?
>>>> If the drive is formatted by FAT, all the file encrypt information will
>> be
>>>> lost when the encrypted file is moved to this drive. If the drive is
>>>> NTFS
>>>> format you need the private key (.pfx file) to decrypt the files
>>>>
>>>> Please attach the drive to another computer to confirm its format and
>>>> try
>>>> to open the encrypted file. How is the result?
>>>>
>>>> 2. How about your server? Have you formatted the hard disk? Have you
>>>> used
>>>> roaming profile of the user who encrypted the backup file?
>>>>
>>>> 3. If its format is NTFS, do you have the recovery agent Encrypting
File
>>>> System (EFS) private key (.pfx file)? Have you enabled recovery agent
in
>>>> group policy?
>>>>
>>>> Please refer to the following KB article to check if you enabled
>>>> recovery
>>>> agent and who has encrypted the file:
>>>> 243026Using Efsinfo.exe to determine information about encrypted files
>>>> http://support.microsoft.com/kb/243026/
>>>>
>>>> EFS uses an encryption key that is dynamically generated to encrypt the
>>>> file. The File Encryption Key (FEK) is encrypted with the EFS public
key
>>>> and is added to the file as an EFS attribute that is named Data
>> Decryption
>>>> Field (DDF).To decrypt the FEK, you must have the corresponding EFS
>>>> private
>>>> key from the public-private key pair. After you decrypt the FEK, you
can
>>>> use the FEK to decrypt the file.
>>>>
>>>> If your EFS private key is lost, you can use a recovery agent to
recover
>>>> encrypted files. Every time that a file is encrypted, the FEK is also
>>>> encrypted with the Recovery Agent's public key. The encrypted FEK is
>>>> attached to the file with the copy that is encrypted with your EFS
>>>> public
>>>> key in the Data Recovery Field (DRF). If you use the recovery agent's
>>>> private key, you can decrypt the FEK, and then decrypt the file.
>>>>
>>>> If you have enabled recovery agent and the USB drive is NTFS, there are
>>>> two
>>>> scenarios:
>>>>
>>>> Scenario 1:
>>>> If you have private key (.pfx file), you can import the private key and
>>>> then use EFS public key in the Data Recovery Field (DRF) to decrypt the
>>>> file and then restore server using the backup file.
>>>>
>>>> Scenario 2:
>>>> If you lost the private key, the solution appears very complex. I would
>>>> like to suggest you contact Microsoft Customer Support Services via
>>>> telephone so
>>>> that a dedicated Support Professional can assist with your request.
>> Please
>>>> be advised that contacting phone support will be a charged call.
>>>> However,
>>>> if you are simply requesting a hotfix be sent to you and no other
>>>> support
>>>> then charges are usually refunded or waived.
>>>>
>>>> To obtain the phone numbers for specific technology request please
take
>>>> a
>>>> look at the web site listed below.
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
>>>>
>>>> If you are outside the US please see http://support.microsoft.com for
>>>> regional support phone numbers.
>>>>
>>>> For your reference:
>>>>
>>>> 324897 How to manage the encrypting file system in Windows Server 2003
>>>> http://support.microsoft.com/?id=324897
>>>>
>>>> How to work with EFS in Windows Server 2003, visit the following
>> Microsoft
>>>> Web site:
>>>>
>>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
>>>> rHelp/a3aa1b1f-98c9-41b3-ba05-9424e316a078.mspx
>>>>
>>>> More information about EFS in Windows Server, visit the following
>>>> Microsoft
>>>> Web site:
>>>>
>>
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecur
>>>> e/html/WinNETSrvr-EncryptedFileSystem.asp
>>>>
>>
(http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.a
>>>> sp)
>>>>
>>>> Hope above information helps. If you have any further concern or
>>>> question
>>>> on the issue please feel free to let me know. I am always happy to be
>>>> further assistance!
>>>>
>>>> Have a nice day!
>>>>
>>>> Best Regards,
>>>>
>>>> Jenny Wu
>>>> Microsoft CSS Online Newsgroup Support
>>>> Get Secure! - www.microsoft.com/security
>>>> ======================================================
>>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>>> regarding other Microsoft products, you'd better post in the
>> corresponding
>>>> newsgroups so that they can be resolved in an efficient and timely
>> manner.
>>>> You can locate the newsgroup here:
>>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>>
>>>> When opening a new thread via the web interface, we recommend you check
>>>> the
>>>> "Notify me of replies" box to receive e-mail notifications when there
>>>> are
>>>> any updates in your thread. When responding to posts via your
>>>> newsreader,
>>>> please "Reply to Group" so that others may learn and benefit from your
>>>> issue.
>>>>
>>>> Microsoft engineers can only focus on one issue per thread. Although we
>>>> provide other information for your reference, we recommend you post
>>>> different incidents in different threads to keep the thread clean. In
>>>> doing
>>>> so, it will ensure your issues are resolved in a timely manner.
>>>>
>>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>>> Please
>>>> check http://support.microsoft.com for regional support phone numbers.
>>>>
>>>> Any input or comments in this thread are highly appreciated.
>>>> ======================================================
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> --------------------
>>>>>From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>>>>References: <u5MbBvAqFHA.2628@xxxxxxxxxxxxxxxxxxxx>
>>>> <XW7ggPKqFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
>>>>>Subject: Re: Encrypted files do they work for backups?
>>>>>Date: Wed, 24 Aug 2005 12:16:34 -0700
>>>>>Lines: 129
>>>>>X-Priority: 3
>>>>>X-MSMail-Priority: Normal
>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>>X-RFC2646: Format=Flowed; Original
>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>>Message-ID: <uln5YBOqFHA.2968@xxxxxxxxxxxxxxxxxxxx>
>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>NNTP-Posting-Host: c-67-171-186-13.hsd1.or.comcast.net 67.171.186.13
>>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147475
>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>
>>>>>I guess I should just write the whole thing out...
>>>>>
>>>>>OK If I backup to a USB External Drive.
>>>>>To a EFS Encrypted folder (This Hopefully making it impossible for
>> someone
>>>>>to steal the Backup and Read it.)
>>>>>
>>>>>And my server Crashes...
>>>>>Will I be able to access that folder providing I use the same Admin
>> Domain
>>>>>and Password When I rebuild the Server?
>>>>>(SBS 2003 of course)
>>>>>
>>>>>Russ
>>>>>
>>>>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>news:XW7ggPKqFHA.1208@xxxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Hi Russ,
>>>>>>
>>>>>> Thanks for posting here!
>>>>>>
>>>>>> For your description, I understand your concern is that if you can
>>>> restore
>>>>>> backup file when you encrypted backup file. If I am off base, please
>>>> don't
>>>>>> hesitate to let me know.
>>>>>>
>>>>>> Before we go further please help me confirm some information to
>>>>>> isolate
>>>>>> the
>>>>>> issue:
>>>>>>
>>>>>> 1. How you encrypt the backup file? Using EFS or some third-party
>> backup
>>>>>> tool?
>>>>>>
>>>>>> 2. What is OS in your server? SBS 2003 or SBS 2000 or others?
>>>>>>
>>>>>> 3. If you use EFS encrypt, how you control grant access permissions?
>>>>>>
>>>>>> By default, when we restore a backup file, we must have read
>>>>>> permission
>>>> to
>>>>>> the backup file and full control permission to the files that need to
>> be
>>>>>> restored. And the encrypt process is different regarding different
>>>>>> software.
>>>>>>
>>>>>> If you use Microsoft EFS encrypt files, By default, only the user who
>>>>>> encrypts a file can recover data that has been encrypted, unless the
>>>>>> user
>>>>>> specifies a recovery agent before they encrypted the files. Full
>> Control
>>>>>> permission doesn''t allow a user to decrypt an encrypted file.
>>>>>>
>>>>>> The following KB article may be useful to you:
>>>>>> How to back up the recovery agent Encrypting File System (EFS)
private
>>>> key
>>>>>> in Windows Server 2003, in Windows 2000, and in Windows XP
>>>>>> http://support.microsoft.com/?id=241201
>>>>>>
>>>>>> How To Troubleshoot the File Replication Service in Windows Server
>>>>>> 2003
>>>>>> http://support.microsoft.com/?id=327341
>>>>>>
>>>>>> 243026 Using Efsinfo.exe to Determine Information About Encrypted
>>>>>> Files
>>>>>> http://support.microsoft.com/?id=243026
>>>>>>
>>>>>> Hope above information helps! I am looking forward to your reply. I
am
>>>>>> happy to be further assistance.
>>>>>>
>>>>>> Have a nice day!
>>>>>>
>>>>>> Best Regards,
>>>>>>
>>>>>> Jenny Wu
>>>>>> Microsoft CSS Online Newsgroup Support
>>>>>> Get Secure! - www.microsoft.com/security
>>>>>> ======================================================
>>>>>> This newsgroup only focuses on SBS technical issues. If you have
>>>>>> issues
>>>>>> regarding other Microsoft products, you'd better post in the
>>>> corresponding
>>>>>> newsgroups so that they can be resolved in an efficient and timely
>>>> manner.
>>>>>> You can locate the newsgroup here:
>>>>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>>>>
>>>>>> When opening a new thread via the web interface, we recommend you
>>>>>> check
>>>>>> the
>>>>>> "Notify me of replies" box to receive e-mail notifications when there
>>>>>> are
>>>>>> any updates in your thread. When responding to posts via your
>>>>>> newsreader,
>>>>>> please "Reply to Group" so that others may learn and benefit from
your
>>>>>> issue.
>>>>>>
>>>>>> Microsoft engineers can only focus on one issue per thread. Although
>>>>>> we
>>>>>> provide other information for your reference, we recommend you post
>>>>>> different incidents in different threads to keep the thread clean. In
>>>>>> doing
>>>>>> so, it will ensure your issues are resolved in a timely manner.
>>>>>>
>>>>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>>>>> Please
>>>>>> check http://support.microsoft.com for regional support phone
numbers.
>>>>>>
>>>>>> Any input or comments in this thread are highly appreciated.
>>>>>> ======================================================
>>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>>> rights.
>>>>>>
>>>>>> --------------------
>>>>>>>From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>>>>>>Subject: Encrypted files do they work for backups?
>>>>>>>Date: Tue, 23 Aug 2005 10:55:42 -0700
>>>>>>>Lines: 15
>>>>>>>X-Priority: 3
>>>>>>>X-MSMail-Priority: Normal
>>>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>>>>>X-RFC2646: Format=Flowed; Original
>>>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>>>>>Message-ID: <u5MbBvAqFHA.2628@xxxxxxxxxxxxxxxxxxxx>
>>>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>>>NNTP-Posting-Host: c-67-171-186-13.hsd1.or.comcast.net 67.171.186.13
>>>>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>>>>>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.sbs:147070
>>>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>>>
>>>>>>>If you Encrypt backup files
>>>>>>>(So they can't be accessed by anyone other than the admin on the
>> server)
>>>>>>>
>>>>>>>Can you still access them for restore:?
>>>>>>>(Assuming you use the same Admin Domain and Password?)
>>>>>>>
>>>>>>>--
>>>>>>>Russ Grover
>>>>>>>Small Business IT Support
>>>>>>>Portland\Beaverton OR USA
>>>>>>>Email: Sales at SmallBusinessITSupport.com
>>>>>>>Website: www.SmallBusinessITSupport.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
.
- References:
- Re: Encrypted files do they work for backups?
- From: Russ Grover
- Re: Encrypted files do they work for backups?
- Prev by Date: RE: HELP!!!!
- Next by Date: RE: E Mail Authenication
- Previous by thread: Re: Encrypted files do they work for backups?
- Next by thread: Re: Encrypted files do they work for backups?
- Index(es):
Relevant Pages
|
Loading
