Click here to get back home

Giving a device access to EFS (Encrypting File System)
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Giving a device access to EFS (Encrypting File System) kevin 04-28-2006
Posted by kevin on April 28, 2006, 8:01 pm
Please log in for more thread options
 Hi,

I am developing an application that uses encrypted files which are
encrypted under EFS. My application can directly open the files fine,
but when I call the device API function to open the file, the device
cannot read the contents.

I think the device cannot open the file because it doesn't have the
rights to access EFS encrypted files.

I did some research and found that all users need to have the correct
certificate and private key inorder to read the contents of EFS
encrypted files. I assume that a device would need the same to read
encrypted files.

I need to know how to assign a device (or its driver) the correct
certificate and private key.

Can someone please tell me how I can go about doing this? Or if I'm
completely off, can someone point me in the right direction?

Thanks in advance,
Kevin


Posted by Roger Abell [MVP] on April 29, 2006, 6:35 am
Please log in for more thread options
 Clarify what you mean by "the device API" ?
Do you mean a raw read that bypasses NTFS (which implements
EFS and going through which should be in context of account that
the process is running within).

> Hi,
>
> I am developing an application that uses encrypted files which are
> encrypted under EFS. My application can directly open the files fine,
> but when I call the device API function to open the file, the device
> cannot read the contents.
>
> I think the device cannot open the file because it doesn't have the
> rights to access EFS encrypted files.
>
> I did some research and found that all users need to have the correct
> certificate and private key inorder to read the contents of EFS
> encrypted files. I assume that a device would need the same to read
> encrypted files.
>
> I need to know how to assign a device (or its driver) the correct
> certificate and private key.
>
> Can someone please tell me how I can go about doing this? Or if I'm
> completely off, can someone point me in the right direction?
>
> Thanks in advance,
> Kevin
>



Posted by kevin on April 30, 2006, 12:25 am
Please log in for more thread options
I'm sorry, I completely left out the details about the device I am
using. My application uses an MPEG decoder card, the "device" in my
original post.

By "call[ing] the device API function to open the file" I meant calling
the MPEG decoder card API functions mpgLoad and mpgPlay.

I can definitely open the files fine if I open the files using the
function ifstream::open but mpgLoad and mpgPlay will not work. This has
lead me to the conclusion that the operating system is not decrypting
the files for the MPEG decoder card.


Similar ThreadsPosted
File encrypting September 8, 2005, 9:05 am
Minimum File System Access Needed for a Service? December 6, 2005, 3:14 am
Access to NT4 File Ressources denied from Windows 2003 System April 7, 2006, 2:49 am
OpenRowset : DSN : file-system permissions : Local System March 14, 2008, 10:23 am
File System / Directory Security August 17, 2007, 1:38 pm
WebDav, https and Encrypted file system September 20, 2006, 10:01 am
Extract ACL's from Windows NTFS file system July 14, 2005, 9:07 pm
File Access Audit on File Server June 20, 2007, 4:59 pm
SCEP - Network Device Enrollment Service on Windows 2008 Standard March 31, 2008, 10:32 am
RDP : restrict administrator to access system without my permission through rdp June 15, 2006, 6:49 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap