EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

This is for information to help others
KEYWORDS:
  - Sharing EFS encrypted files over a personal lan wlan wifi ap network
  - Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
  - transfer encryption keys / certificates
  - set trusted delegation for user + computer for EFS encrypted files via
Kerberos
  - Windows Active Directory vs network file share
  - Setting up WinDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such a EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc:  \\fileserver  and  \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clienpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
     1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
          EFS operations occur on the computer storing the files.
          EFS files are decrypted then transmitted in plaintext to the client's computer
          This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
     2) SOLVE by setting up WebDAV (efs files accessed through web folders)
           EFS operations occur on the client's local computer
           EFS files remain encrypted during transmission to the client's local computer where it is decrypted
           This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
           BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
         READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
   a) START ... CMD
   b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
   c) type (no quotes): "netsh  wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
   1  click START and type "Turn Windows Features On or Off" and open the link
       a) scroll down to "Internet Information Services" and expand it.
       b) put a tick in: "Web Management Tools" \ "IIS Management Console"
       c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
       d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
       e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
       f) click ok
       g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
  2 Click START and type "Internet Information Services (IIS) Manager"
  3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
       a) on the right side, under Actions, click "Enable WebDAV"
  4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
       a) on the "Anonymous Authentication" and click "Disable"
       b) on the "Windows Authentication" and click "Enable"
      NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
        It can be by changing registry key:
           [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
           BasicAuthLevel=2
       c) on the "Windows Authentication" click "Advanced Settings"
           set Extended Protection to "Required"
       NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
  5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
       a) on the right side, under Actions, click "Add Allow Rule"
       b) set this to "all users". This will control who can view the "Default Site" through a web browser
       NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
clientpc.
       NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
  6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
       a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
  7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
       a) on the right side, under Actions, click "Edit Feature Settings"
       b) tick the box "Allow double escaping"
     *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
     These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
     This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
  8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
       a) set the Alias to something sensible eg "D_Drive", set the physical path
       b) it is essential you click "connect as" and set
this to a local user (on fileserver),
       if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
             NB: the user account selected here must have the required EFS certificates installed.
                        See
here and
here
        NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
      This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
       The work around is on the \\fileserver create an NTFS symbollic link
          e.g. to share the entire contents of "D:\",
                on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                in cmd in this folder create an NTFS symbolic link to "D:\"
                so in cmd type "cd c:\inetpub\wwwroot"
                then in cmd type "mklink /D D_Drive D:\"
        NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
         NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
  9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
       a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
       b) if some exist review existing allow or deny.
           Take care to not only review the "allow access to" settings
           but also review "permissions" (read/write/source)
       NB: this can be set here for all added virtual directories, or can be set under each virtual directory
  10 Open your firewall software and/or your router. Make an exception for port 80 and 443
       a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
             choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
          NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
       b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
  11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
      a) On Windows 7 you need only change one tiny registry value:
           - click START, type "regedit", open link
           -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
           -on the EDIT menu click NEW, then click DWORD Value
           -Type "DisableEFSOnWebDav" to name it (no speech marks)
           -on the EDIT menu, click MODIFY, type 1, then click OK 
           -You MUST now restart this computer for the registry change to take effect.
      b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
         NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
  12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
        a) make sure WebClient Service is running
            (click START, type "services" and open, scroll down to WebClient and check its status)
        b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
            It should show the default "IIS7" image.
            If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
        c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                e.g. http://localhost/D_drive
            If nothing is listed, check "Directory Browsing" is enabled
  13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
        a) make sure WebClient Service is running
            (click START, type "services" and open, scroll down to WebClient and check its status)
        b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
              eg if your server's computer name is "fileserver" go to "http://fileserver:80"
              It should show the default "IIS7" image. If not, check firewall and port blocking. 
              Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
       c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
               eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
               A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
  14 Click START and type "Internet Options" and open the link
        a) click the "Connections" tab at the top
        b) click the "LAN Settings" button at the bottom right
        c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
  15 On Windows 7 you need only change one tiny registry value:
      a) click START, type "regedit", open link
      b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
       c) click on "FileSizeLimitInBytes"
       d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
 16 On each clientpc click START, type "Internet Options" and open it
         a) click on "Security" (top) and then "Custom level" (bottom)
         b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
         SUCH an easy fix. SUCH an annoying problem on a clientpc
   NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
explorer.
TEST SETUP
  17 On the client use the normal "map network drive"
            e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
            e.g. CMD: net use * "http://fileserver:80/C_drive"
         If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
"manage network passwords") has NTFS permissions.
  18 Test that EFS is now working over the network
       a) On a clientpc, map network drive to http://fileserver/
       b) navigate to a folder you know on the \\flieserver is encrypted with EFS
       c) create a new folder, create a new file.
           IF it throws an error, check carefully you mapped to the WebDAV and not file share
              i.e. mapped to "http://fileserver" not "\\fileserver"
           Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
       d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
       e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
clientpc decrypted it then copied it).
        If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
        If this is not readable check step (11) and that you restarted the \\fileserver computer.
  19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
      a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
            If a prompt for user+pass then check hotfix (16)
  20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
      a) see the last comment at the very bottom of
this page: 
Points to consider:
   - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
  - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
      It is implimented above, see (11) above
      Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
  PROBLEM: Can't find server due to network location.
     This one took me a long time to track down to "network location".
     Win 7 uses network locations "Home" / "Work" / "Public".
     If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
     This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
     FIX = either set IP address manually and specify a gateway
     FIX = or  force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
     FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
  PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
       By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
      Read
here (i've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

Similar Messages

  • How to share EFS encrypted files over a network (\\workstation\c$\encrypted-file.txt)

    Hello,
    we decided to theft-protect our workstations by using EFS encryption on some important documents and directories.
    Just to be sure: I hope that data will not be readable in the case that someone physically gains access to the disk or computer with encrypted data and does not know user's name & password to log in or does not have the right encryption certificate with
    private key. Please correct me, if I'm wrong.
    All workstations are Windows 7 Professional joined to the domain controlled by Windows 2008R2 DC. We are a bit lazy, so we have generated a local, self-signed EFS certificate on a single workstation and installed this (the same) certificate on all workstations.
    Now, we are able to share EFS encrypted files for example via a NTFS formatted flash drive.
    Later, we have setup a Certificate authority (we can potentially issue new EFS personal, domain-based certificates that are published in AD), and established DRA as well (published DRA via a Group Policy).
    All logged-in users have the same (non-domain) certificate installed in their "My User Account" certificate store, cipher /y command shows the same thumbprint value.
    However, we would like to be able access files remotely, in a "lazy" way using an administrative share like
    \\workstation\c$\users\bob\document.txt. We all are Domain Admins, so NTFS and SMB privileges should be OK, unencrypted files are accessible OK.
    I have tried to issue a new certificates via the Cert Authority, putting them into "Trusted People" container etc., adding them to the "Users who can access this file:" list on the encrypted file and nothing worked.
    So is it possible to share EFS encrypted files over a workstation's share (i.e.
    \\workstation\something)?
    What should I do to get it working? :-)
    Thank you for any ideas.
    Jan

    OK, I understand that. However, I have read this article
    Using Encryption File System (Technet)
    and there is stated "Remote EFS operations on files stored on network file shares are possible in Windows 2000 or later domain environments only. Domain users can remotely encrypt or decrypt files,
    but this capability is not enabled by default"
    There are notes about computer trust etc., so I am seeking for someone who would help me a little bit with this.
    Just imagine the simplest possible "single-user" case: there are two Win7 computers A, B joined into the domain and just single user BOB. Bob uses those two computers and need to access own documents like
    \\A\DocumentsA or
    \\B\DocumentsB. Standard setup - folder sharing: everything is working fine, share and NTFS permissions are set up, BOB can work with his own "remote" documents from both computers (\\A\DocumentsA from computer B and
    vice versa).
    BOB decides to encrypt his documents. So BOB logs in computer A, starts "Manage file encryption certificates Wizard", gets an EFS Certificate from CA and encrypts his c:\Documents (shared as
    \\A\DocumentsA). I assume the EFS certificate is stored on computer A in BOB's local profile, therefore I ask:
    Now, BOB moves to the computer B and logs on.
    Q1: Will be \\A\DocumentsA accessible for BOB from B?
    Q2: If not, what should do now? Should I do something in AD for computer accounts (A and/or B) ?
    Thank you.

  • Unable to share files over the local network, OS X Lion

    About two weeks ago, my coworker and I realized that we were no longer able to share files over the local network. We have not made any changes to our preference settings. We are able to access FileMaker Pro databases files located on another computer in our office via the network, but we are unable to access any other files by trying to login to the computer remotely. We also have internet access. I am able to login to each of our work computers form home, but not from the office. I'm am not sure what has changed, but it is important that we have the ability to share files at work. Can you give me directions on how to fix our problem. Thanks!
    Debbie Roberts
    Univesrity of Texas at Austin

    I had this problem when I first setup my Mac. One thing I know is that File Sharing in System Preferences doesn't necessarily need to be on, because iTunes does all of the networking itself.
    I know that you've checked and checked again on the firewall, but what I did was turn the firewall on. In the list of ALLOW, there should be a line that is labeled iTunes Music Sharing. Check it. It was the magic link, and all of my iTunes libraries on the three computers in the house (two Windows, one my Mac) could "see" each other.
    Turning on the firewall might seem strange, but it worked for me.
    I hope this helps.
    MacBook Mac OS X (10.4.9)

  • Windows 7 problem with EFS (Encrypting file system)

    Hello colleagues!
    I think this topic is related more to the security.
    The problem is a bit unusual and google doesn't give me a clear answers, but maybe anyone came across
    with similar problem...
    In general, I suspect that my problem is EFS (Encrypting file system), ie
    service that automatically encrypts files using a digital signature (certificate).
    A little background:
    - On the work PC it was necessary to reinstall
    the system, according to corporate rules all the content we have is encrypted using EFS (Encrypted files are highlighted with green color as you know).
    I have copied all the data on a portable drive and also copied the certificates (certmgr.msc).
    The system was reinstalled. The only change - it was x32 and became x64.
    - It was necessary to free up some space on the hard drive (the file
    system on it is NTFS), so,  I temporary copied all the files on my home PC. My work certificate was installed on it too, because
    I work from home
    sometimes.
    When the  work PC was repaired, I've moved all the files back in
    the same way (ie on the portable HDD, then to the work PC).
    All files were working, but when I needed MS Word documents, it became clear that something was wrong.
    When I've opened the document, it gaveme a window with weird symbols and prompts me to select the encoding ... of course -
    no encoding was fit.
    Started to explore all the documents, it appears that some part of them were working,
    someof them not - all the old documents were working, ie the ones, which
    were created before deploying EFS (newly created or copied files immediately encrypted).
    So, now I am sure that the
    documents were somehow re-encrypted, at least on a portable hard drive, they do not look as encrypted (not highlighted in green), but it's still not open.
    Completely stopped opening all the documents that have
    been encrypted (for all types of files, ie it is not just an MS Word, but also pdf, presentations, charts, and even the pictures).
    Tell me, who faced similar?
    How can it all back? I have no possibility to restore those documents from another sources.

    Try copy those corrupted files and make sure you are using the same certificate and then re-encrypt the copied files and try decrypt them.
    If possible, use the same account as you used for encryption.

  • How to prevent EFS encrypted files getting green color

    hi friends
    as we know, when we encrypt files via EFS, they get green color so users find out that these are encrypted files. i don't want such thing. 
    is there any method to prevent EFS encrypted files getting green color?
    thanks in advance

    You can set it via Folder Options in Control Panel or in Windows Explorer, and there is a related Group Policy.
    This thread has the details - the configuration
    options apply both to 'green' and 'blue' (compressed) files.
    Elke
    hi Elke.
    nice, thank you very much
    regards

  • Sending Files over a Windows Network

    I am trying to send files from one computer to the other over a windows network. I have absolute path names of the two locations.
    Can you just use "File.renameTo(File);" to pull this off?
    Is there a fast way to move files over a windows network?
    Thanks so much for your help

    With File.renameTo()? Yes.
    between directories on different local drives? Yes.
    or different nodes in a network?I'm not sure what you mean by that, which is most probably my lack of knowledge about computer networking.
    Here's the test I performed:
    File a = new File("C:/Temp/test.txt");
    // 'E:' is (physicaly) a different hard drive than 'C:'
    File b = new File("E:/Temp/test.txt");   
    System.out.println(a.renameTo(b));
    // 'Athene' is a home-SAN-drive/server connected to my router
    File c = new File("//Athene/SHARE/Temp/test.txt");
    System.out.println(b.renameTo(c));Both print true and in both cases I have checked to see if the files really were moved, which was the case.

  • EFS(Encrypting File System ) Folder can work for cloning Windows 7 PC?

    Dear All,
      I am using EFS  (Encrypting File System) on a Windows 7 notebook to encrypt a folder.
      I would like to clone this notebook to several other notebooks.
      Will the EFS still work on the cloned PC?

    Hi,
    As I know, after cloning the system, the SID may be changed. So, the EFS folder unable to open.
    But if you have the EFS certificate, you can still use the folder with no issue.
    In theory, the EFS can work on the cloned PC, please backup the certificate first.
    Back up Encrypting File System (EFS) certificate:
    http://windows.microsoft.com/en-in/windows/back-up-efs-certificate#1TC=windows-7
    Hope it helps.
    Regards,
    Blair Deng
    Blair Deng
    TechNet Community Support

  • How can I download a file over the internet from a WebDAV server?

    I am trying to download a file over the internet from a WebDAV server. I've tried doing it with Datasocket as suggested in these articles,
    <a href="http://digital.ni.com/public.nsf/websearch/f3cc5f7e60a75cb2862567e700696abf?opendocument">Retrieving an Unformatted Text File via FTP or HTTP Using DataSocket</a>
    <a href="http://digital.ni.com/public.nsf/websearch/4FA09E7B3674DA34C1256BD400555C41?OpenDocument">Download a Text File from a Password Protected URL Using DataSocket</a>
    but all I get is error 1181 (protocol unrecognized by Datasocket).
    I know I have the URL correct, because I can put it into a web browser and it works fine - I can download the file manually.
    But I want to have a LabVIEW program do the download automatically.
    I have the internet toolkit, but don't have the foggiest clue how to use it, and am using LabVIEW 7.1
    I am a bit out of my depth here, so any advice welcome.
    Regards,
    Mark.

    MIG,
    What is the URL to the website? Is it an FTP site? The articles you referenced are for specific transfer protocols. If the stie you're trying to get to doesn't follow these protocols, then you'll get the error you're seeing. You may have to use ActiveX to control IE and download the files programmatically.
    Chris C
    Chris Cilino
    National Instruments
    LabVIEW Product Marketing Manager
    Certified LabVIEW Architect

  • Access Denied error when trying to print over the network

    I just upgraded my Internet service and leased a new modem. My laptop is connected to the network and is able to browse the Internet. I have file and printer shared tuned on on both the desktop and the laptop. The printer is listed on my laptop, but I cannot print over the network to my HP PSC 1401 All In One. I get an Access Denied error even though the printer should still be connected to the network.

    bump

  • Access Denied Errors Copying Files to Network Share

    We recently upgraded to Coldfusion MX 7 (7.02 Windows) and
    Windows 2003 Server. Now I am getting access-denied errors when
    attempting to copy files to a network share (not a mapped drive -
    \\server\share) using <cffile action="copy">. All other file
    copy operations work fine. This has been working fine for several
    months but broke when we upgraded to MX 7 and Windows 2003. Any
    suggestions for a solution would be apprectiated.

    I figured out what the problem is in case anyone else is
    interested. The Coldfusion Application Server service is by default
    set to run as local only. You need to set this service to run under
    a user that has access to network resources and rights to the
    destination path.

  • Access denied error while writing a file to the file system - myfileupload.saveas() throws system.unauthorizedexception

    hi,
    as part of my requirement , i have to perform read and  write  operations of  few files [ using the file upload control in my custom visual web part] and on submit button click.
    but while writing these files - with the help of  fileupload control - and when i use  myfileupload.saveas(mylocation);
    - i am saving these files into my D:\ drive of my server , where i am executing my code -, am getting access denied error.
    it throws system.unauthorizedexception.
    i have given full control on that folder where i was trying to store my attached files. and also  after following asp.net forums,
    i have added  iusr group added and performed all those steps such that, the file is saved in my D:\ drive.
    but unfortunately  that didnt happen.
    also
    a) i am trying the code with runwithelevatedprivileges(delegate() )  code
    b) shared the drive within the  d :drive where i want o save the files.
    c) given the full privieleges for the app pool identity- in my case , its
    network service.
    the  other strange thing is that, the same code works perfectly in  other machine, where the same sp, vs 2012  etc were installed .
    would like to know, any other changes/ steps i need to make it on this  server, where i am getting the  error.
    help is  appreciated!

    vishnuS1984 wrote:
    Hi Friends,
    I have gone through scores of examples and i am failing to understand the right thing to be done to copy a file from one directory to another. Here is my class...So let's see... C:\GetMe1 is a directory on your machine, right? And this is what you are doing with that directory:
    public static void copyFiles(File src, File dest) throws IOException
    // dest is a 'File' object but represents the C:\GetMe1 directory, right?
    fout = new FileOutputStream (dest);If it's a directory, where in your code are you appending the source file name to the path, before trying to open an output stream on it? You're not.
    BTW, this is awful:
    catch (IOException e)
    IOException wrapper = new IOException("copyFiles: Unable to copy file: " +
    src.getAbsolutePath() + "to" + dest.getAbsolutePath()+".");
    wrapper.initCause(e);
    wrapper.setStackTrace(e.getStackTrace());
    throw wrapper;
    }1) You're hiding the original IOException and replacing it with your own? For what good purpose?
    2) Even if you had a good reason to do that, this would be simpler and better:
    throw new IOException("your custom message goes here", e);
    rather than explicitly invokign initCause and setStackTrace. Yuck!

  • Error "creating file: 1008:5, -5000 Access Denied Error"

    I'm unable to install Flash Player 9 in OS X (10.4.8). I
    followed the following tech note:
    http://www.adobe.com/go/4aa64290
    * I uninstalled Flash Player using the uninstaller
    * I repaired disk permissions
    * I tried re-installing Flash Player
    I still get the error message saying I don't have the
    appropriate permissions.
    Some background: I'm upgrading from a G5 tower to a new Mac
    Pro. I ran the migration utility to copy over my user settings,
    apps, etc. I noticed that pages with Flash were crashing the
    browser(s) instantly. Of course, that's because the PowerPC version
    was previously installed. I uninstalled and tried to re-install.
    When I got the above error, searched the support area and found the
    tech note saying to uninstall (done), repair permissions (done),
    then re-install (fails.)
    I'm stumped.
    Any suggestions?

    I have the same problem, after trying more than a few times
    to install the
    player, uninstall it, uninstall the Firefox 2, reinstall
    Firefox... with the
    same result : it says that I need a plugin, and put me to the
    page of the Flash
    player installer...
    I had this new error message after erasing, as it was
    proposed on a forum, the
    Internet plug-ins directory... "creating file: 1008:5, -5000
    Access Denied
    Error"
    I never had this message before. I have all the rights and
    have installed lots
    of softwares. I tried to use the terminal way... but this is
    a long way for me
    on a Mac... I would be able on a PC but I can't even
    "navigate to this
    directory"...
    Do I have to say that this Flash player is now quite
    important for lots of web
    sites... This is really the first time I have a problem with
    Flash. Is it the
    Intel Mac ?? No, it seems Windows have also its probs. Thanks
    for a reply... or
    a solution !

  • Access Denied error with basic XML file operations

    Hi,
    I'm trying to set up a basic read, write and delete code for XML files which I can build upon in the future. The three methods are bound to three buttons on the page and all three calls are awaited. Here's my code:
    Write:
    XElement uservarnodes = new XElement("uservars",
    new XElement("uservar1", "1"),
    new XElement("uservar2", "2"),
    new XElement("uservar3", "3"),
    new XElement("uservar4", "4"),
    new XElement("uservar5", "5"),
    new XElement("uservar6", "6"),
    new XElement("uservar7", "7"),
    new XElement("uservar8", "8"));
    StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
    var file = await local.CreateFileAsync("uservarfile.xml", CreationCollisionOption.ReplaceExisting);
    var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
    using (var outputStream = stream.GetOutputStreamAt(0))
    DataWriter mydataWriter = new DataWriter(outputStream);
    mydataWriter.WriteString(uservarnodes.ToString());
    await mydataWriter.StoreAsync();
    await outputStream.FlushAsync();
    Read (outputs the data to a textblock):
    StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
    var file = await local.GetFileAsync("uservarfile.xml");
    string readtext = await Windows.Storage.FileIO.ReadTextAsync(file);
    XElement uservarnodes = XElement.Parse(readtext);
    txtTarget.Text = uservarnodes.ToString();
    Delete:
    StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
    var file = await local.GetFileAsync("uservarfile.xml");
    await file.DeleteAsync(StorageDeleteOption.PermanentDelete);
    When I tap each of the buttons once it all seems to work. But when I tap any of the buttons again within the same debug session I get an Access denied exception (E_ACCESSDENIED). Other people with this error had to await when calling their method, but I'm
    already doing that: private async void btnWrite_Click(object sender, RoutedEventArgs e) { await WriteToXMLFile(); }, etc.
    And the intervals between my taps isn't that short that you'd expect that the previously called method still had not finished completing. I don't understand why I'm getting the access denied error.
    Related to my question: I have added XML to the File Type Associations, File Open Picker and File Save Picker in the appxmanifest, but somewhere I read that you do not need to do this if you're working with local app data only. Is this true?

    var stream = await file.OpenAsync(Windows.Storage.FileAccessMode.ReadWrite);
    I think because of your file stream hasn't been closed.
    by the way, it can be easier  by using System.IO.OpenStreamForWriteAsync extension method
    async public static Task<bool> SaveTextFileAsync(string filename, string data)
    byte[] fileBytes = System.Text.Encoding.UTF8.GetBytes(data);
    StorageFolder local = Windows.Storage.ApplicationData.Current.LocalFolder;
    var file = await local.CreateFileAsync(filename, CreationCollisionOption.ReplaceExisting);
    try
    using (var s = await file.OpenStreamForWriteAsync())
    s.Write(fileBytes, 0, fileBytes.Length);
    return true;
    catch
    return false;
    (need using System.IO namespace)
    在現實生活中,你和誰在一起的確很重要,甚至能改變你的成長軌跡,決定你的人生成敗。 和什麼樣的人在一起,就會有什麼樣的人生。 和勤奮的人在一起,你不會懶惰; 和積極的人在一起,你不會消沈; 與智者同行,你會不同凡響; 與高人為伍,你能登上巔峰。

  • Sql agent job getting file access denied error

    I'm not sure if this question belongs in this forum. Please move it if you want to.
    Here is my question. I have an ssis package that is running into an error at the file system task trying to move a file. The package is deployed to the catalog and I am running the package using the stored procedure
    [SSISDB].[catalog].[start_execution] @execution_id
    When I execute this stored proc in Management Studio while logged in under a sysadmin, everything works fine. But when I call the same TQL in SQL Agent job, I get a file access denied error. This has something to do with the id that is getting used
    to run the package and I am not sure how to track that down. Any help would be appreciated.
    I've check the windows permission on both the id that is running the SQL Agent and SQL SSIS Service. Both seem to have the right windows permission.

    Please see:
    http://support.microsoft.com/kb/918760

  • Getting access denied error while importing file using input type="file"

    Hi All,
    I am using struts application wherein I need to import file for some purpose.I have used input type="file" for the same which goes like:
    <input type="file" id="uploadFile" name="uploadFile" size="50">
    I have the import button on which I have used onClick event to call javascript function submitValues() used to validate all the fields from the page which goes like:
    <input type="button" name="select" value="Import" class="CSSButton" onClick="javascript:submitValues();">
    The JS function then in turn submits the form and calls the action.The problem is sometimes even when the correct path is specified for the file to be imported results in access denied error.This error comes sometimes and other times it works fine.But when this error comes,I need to relogin into the application and then it works fine.I am using IE7 for this.
    Any idea why I am getting access denied error while importing? Has it got something to do with IE7 version or with the input type="file" which is being used here?
    Thanks for any help if anyone can provide.
    Edited by: passionateforjava on Mar 4, 2009 2:18 AM

    vishnuS1984 wrote:
    Hi Friends,
    I have gone through scores of examples and i am failing to understand the right thing to be done to copy a file from one directory to another. Here is my class...So let's see... C:\GetMe1 is a directory on your machine, right? And this is what you are doing with that directory:
    public static void copyFiles(File src, File dest) throws IOException
    // dest is a 'File' object but represents the C:\GetMe1 directory, right?
    fout = new FileOutputStream (dest);If it's a directory, where in your code are you appending the source file name to the path, before trying to open an output stream on it? You're not.
    BTW, this is awful:
    catch (IOException e)
    IOException wrapper = new IOException("copyFiles: Unable to copy file: " +
    src.getAbsolutePath() + "to" + dest.getAbsolutePath()+".");
    wrapper.initCause(e);
    wrapper.setStackTrace(e.getStackTrace());
    throw wrapper;
    }1) You're hiding the original IOException and replacing it with your own? For what good purpose?
    2) Even if you had a good reason to do that, this would be simpler and better:
    throw new IOException("your custom message goes here", e);
    rather than explicitly invokign initCause and setStackTrace. Yuck!

Maybe you are looking for