Access denied to EFS encrypted files after PC joins domain
Posted by mjmarsh on Server Fault
Published on 2013-01-15T19:44:19Z
I'm experiencing strange behavior with Windows Encrypted File System:
- I have a machine that is in workgroup mode (not joined to a domain).
- I encrypt an entire directory structure on the machine (basically a folder and subfolders with data files for my application).
- My application writes and reads files from the encrypted file hierarchy as a local Windows user (let's call the account 'SecureUser'). This works fine.
- I then join the PC to a domain (let's call it 'TEST').
- Afterwards, processes running as the local 'SecureUser' account can't read the files it wrote originally when it was off the domain. (What is also strange is that the files are listed as "read only" now and I cannot unset this flag via Windows Explorer or the command line, even though it looks like it succeeds.)
- I then 'un-join' the PC from the domain and everything works again.
Is there something about changing domain membership on a PC that changes the behavior of EFS so that previously encrypted files cannot be read, even by the originating user?
Thanks in advance