|
Home > Archive > 70-210 > September 2003 > QOD 8/30 - Encryption
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
QOD 8/30 - Encryption
|
|
| blackwidow 2003-08-29, 7:53 pm |
| You got a win2k pro at the office. Someone tells you about encryption stuff, so you take your excel worksheets and park them in a new folder. Then somehow you are successful in encrypting the contents of the folder, and end up sharing it too.
That evening from home, you dial into company RAS from your home win2k pro machine, and connect to your shared folder. You see your spreadsheets in the share now.
Can you:
A) transfer the files to your home computer?
B) If you do, can you open them up?
C) If you do open them up, will you see anything in the spreadsheets?
If you cannot transfer them,
A) What would you have to do on your own PC to transfer them and open them up?
Loaded question, but perfect for exam stuff  | |
| rnrkenzie 2003-08-31, 1:52 am |
| Yiks!! I need to hit the books again! | |
| Bluebie 2003-08-31, 6:38 pm |
| My guess:
A) Yes
B) Yes- assuming you are RAS'd in using the credentials that were used when you enabled EFS on the folder. Technically you are logged onto the network as the owner of that file.
C) Yes- because of B.
? | |
| YOUNGMAN 2003-09-01, 12:55 am |
| I would agree that when you log into the network remotely you are still given an access token which includes your encryption keys and so you should be able to transfer files and they will be decrypted automatically.
So the answer is
A Yes
B Yes
C Yes | |
| blackwidow 2003-09-01, 1:01 am |
| "I would agree that when you log into the network remotely you are still given an access token"
So the access token is responsible for encrypting and decrypting?
Hmmm.. well i think i'll let this question cook for a few days.. win2k pro 70-210 is usually the first exam people take.. If nothing else, at least it will come in handy next time someone tries to get an encrypted file from a network share.
| |
| YOUNGMAN 2003-09-01, 1:53 am |
| I know it's early in the morning here, but I was certain that the person who encrypted a file could copy it remotely to another computer - it would be transferred unencrypted, but it would still arrive on the machine and be available.
What am I missing here? | |
| WarrenStreet 2003-09-02, 5:34 am |
| I would say:
Yes
Yes
Yes
If u have a domain accunt u will be able to open the encrypted files once autenticathed through RAS
 | |
| iamroyal 2003-09-02, 11:46 am |
| you wouldn't be able to do anything with the files. No matter how the ntfs or share level partitions are setup, you can't do anything, regardless on how your username is setup on your machine at home, because the sids are different. The private key that holds the information to decrypt the file, are located in your profile on the computer that decrypted the files. Therefore, no matter what, the SID is different, plus the private key is only stored on the computer that physcially encrypted the file. Therefore, you can do nothing at all with the file. You can copy it, but that's the end of the line. | |
| blackwidow 2003-09-02, 7:27 pm |
| iamroyal... you have reached and pulled out a winner | |
| iamroyal 2003-09-02, 7:41 pm |
| plus, even if you copy it, the reason why you still cannot open it is...
You know with a regular file, if you move a file to a different partition, it uses a different MFT, therefore it has to create a new file and loses its' attributes and inherits the folders parent permissions. However, it doesn't work like this with encrypted or compressed files. No matter what you do to the file, moving or copying, the file will retain those compression/encryption attributes (cannot have both compression and encryption). Just clarifying this to any users who might be confused. | |
| iamroyal 2003-09-02, 7:42 pm |
| er, double post, plz delete this | |
| WarrenStreet 2003-09-03, 3:45 am |
| Ok with the SID matter..thanks for claryfing but...
quote:
No matter what you do to the file, moving or copying, the file will retain those compression/encryption attributes
I thought that copying a file compressed file to a non compressed file would result in the file loosing his compression, while for obvious reasons, encryption would be retained.
TIA | |
| YOUNGMAN 2003-09-03, 4:44 am |
| iamroyal - whilst trying to clarify matters for the confused, I think you've confused people.
When you move or copy a compressed file between volumes, the file inherits the compression state of the target volume (if it's NTFS - FAT will be uncompressed whatever). The only time it's compression state it based on the file's own attribute is when it is moved within the same NTFS volume.
And getting back to the inital question - according to the MSPress 2nd edition for 70-210 -
"You can use EFS to encrypt and decrypt files on remote file servers but not to encrypt data that is transferred over the network. Windows 2000 provides network protocols, such as Secure Sockets Layer (SSL) authentication, to encrypt data over the network."
So, how about this. You could remotely access the file and remove the encrption attribute. Then copy the file to the home machine. Then remotely reapply the encryption attribute to the file on the work machine.
Would this accomplish the task? |
|
|
|
|