EFS(Encrypting File System ) Folder can work for cloning Windows 7 PC?

Similar Messages

• Windows 7 problem with EFS (Encrypting file system)

  Hello colleagues!
  I think this topic is related more to the security.
  The problem is a bit unusual and google doesn't give me a clear answers, but maybe anyone came across
  with similar problem...
  In general, I suspect that my problem is EFS (Encrypting file system), ie
  service that automatically encrypts files using a digital signature (certificate).
  A little background:
  - On the work PC it was necessary to reinstall
  the system, according to corporate rules all the content we have is encrypted using EFS (Encrypted files are highlighted with green color as you know).
  I have copied all the data on a portable drive and also copied the certificates (certmgr.msc).
  The system was reinstalled. The only change - it was x32 and became x64.
  - It was necessary to free up some space on the hard drive (the file
  system on it is NTFS), so,  I temporary copied all the files on my home PC. My work certificate was installed on it too, because
  I work from home
  sometimes.
  When the  work PC was repaired, I've moved all the files back in
  the same way (ie on the portable HDD, then to the work PC).
  All files were working, but when I needed MS Word documents, it became clear that something was wrong.
  When I've opened the document, it gaveme a window with weird symbols and prompts me to select the encoding ... of course -
  no encoding was fit.
  Started to explore all the documents, it appears that some part of them were working,
  someof them not - all the old documents were working, ie the ones, which
  were created before deploying EFS (newly created or copied files immediately encrypted).
  So, now I am sure that the
  documents were somehow re-encrypted, at least on a portable hard drive, they do not look as encrypted (not highlighted in green), but it's still not open.
  Completely stopped opening all the documents that have
  been encrypted (for all types of files, ie it is not just an MS Word, but also pdf, presentations, charts, and even the pictures).
  Tell me, who faced similar?
  How can it all back? I have no possibility to restore those documents from another sources.

  Try copy those corrupted files and make sure you are using the same certificate and then re-encrypt the copied files and try decrypt them.
  If possible, use the same account as you used for encryption.

• EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

  This is for information to help others
  KEYWORDS:
    - Sharing EFS encrypted files over a personal lan wlan wifi ap network
    - Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
    - transfer encryption keys / certificates
    - set trusted delegation for user + computer for EFS encrypted files via
  Kerberos
    - Windows Active Directory vs network file share
    - Setting up WinDAV server on Windows 7 Pro / Ultimate
  It has been a long painful road to discover this information.
  I hope sharing it helps you.
  Using EFS on Windows 7 pro / ultimate is easy and works great. See
  here and
  here
  So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
  HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
  won't work (unless you follow below steps).
  Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
  Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
  Why such a EFS drama when a network is involved?
  Assume a home peer-to-peer network with 2pc:  \\fileserver  and  \\clientpc
  When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
  another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
  (on behalf of the clienpc's data request).
  This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
  file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
  Solutions
  There are two main approaches to solve this:
       1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
            EFS operations occur on the computer storing the files.
            EFS files are decrypted then transmitted in plaintext to the client's computer
            This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
       2) SOLVE by setting up WebDAV (efs files accessed through web folders)
             EFS operations occur on the client's local computer
             EFS files remain encrypted during transmission to the client's local computer where it is decrypted
             This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
             BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
           READ BELOW as this does
  Create new encrypted file / folder on a network file share - via Active Directory
  It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
  here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
  and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
  Although this info is NOT for setting up EFS on an active directory domain [server],
  for those interested here is the gist:
  Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
  account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
  EFS.
  NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
  Create new encrypted file / folder on a network file share - via WebDAV
  For home users it is possible to make it all work.
  Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
  Setting up a wifi AP (for those less technical):
     a) START ... CMD
     b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
     c) type (no quotes): "netsh  wlan start hostednetwork"
  Set up a WebDAV server on Windows 7 Pro / Ultimate
  -----ON THE FILESERVER------
     1  click START and type "Turn Windows Features On or Off" and open the link
         a) scroll down to "Internet Information Services" and expand it.
         b) put a tick in: "Web Management Tools" \ "IIS Management Console"
         c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
         d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
         e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
         f) click ok
         g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
  KB892211 here ONLY for XP + Server 2003 (made in 2005)
  KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
    2 Click START and type "Internet Information Services (IIS) Manager"
    3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Enable WebDAV"
    4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
         a) on the "Anonymous Authentication" and click "Disable"
         b) on the "Windows Authentication" and click "Enable"
        NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
          It can be by changing registry key:
             [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
             BasicAuthLevel=2
         c) on the "Windows Authentication" click "Advanced Settings"
             set Extended Protection to "Required"
         NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
    5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Add Allow Rule"
         b) set this to "all users". This will control who can view the "Default Site" through a web browser
         NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
  clientpc.
         NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
    6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
         a) on the right side, under Actions, click "Enable"
  HOTFIX - double escaping
    7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
         a) on the right side, under Actions, click "Edit Feature Settings"
         b) tick the box "Allow double escaping"
       *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
       These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
       This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
  file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
    8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
         a) set the Alias to something sensible eg "D_Drive", set the physical path
         b) it is essential you click "connect as" and set
  this to a local user (on fileserver),
         if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
               NB: the user account selected here must have the required EFS certificates installed.
                          See
  here and
  here
          NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
        This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
         The work around is on the \\fileserver create an NTFS symbollic link
            e.g. to share the entire contents of "D:\",
                  on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                  in cmd in this folder create an NTFS symbolic link to "D:\"
                  so in cmd type "cd c:\inetpub\wwwroot"
                  then in cmd type "mklink /D D_Drive D:\"
          NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
           NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
  clientpc
    9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
         a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
         b) if some exist review existing allow or deny.
             Take care to not only review the "allow access to" settings
             but also review "permissions" (read/write/source)
         NB: this can be set here for all added virtual directories, or can be set under each virtual directory
    10 Open your firewall software and/or your router. Make an exception for port 80 and 443
         a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
               choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
            NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
  below, specifically "Cant find server due to network location"
         b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
  HOTFIX - MAJOR ISSUE - fix KB959439
    11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
        a) On Windows 7 you need only change one tiny registry value:
             - click START, type "regedit", open link
             -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
             -on the EDIT menu click NEW, then click DWORD Value
             -Type "DisableEFSOnWebDav" to name it (no speech marks)
             -on the EDIT menu, click MODIFY, type 1, then click OK 
             -You MUST now restart this computer for the registry change to take effect.
        b) On Windows Server 2008 / Vista / XP you'll FIRST need to
  download Windows6.0-KB959439 here. Then do the above step.
           NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
    12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
              It should show the default "IIS7" image.
              If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
          c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                  e.g. http://localhost/D_drive
              If nothing is listed, check "Directory Browsing" is enabled
    13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
                eg if your server's computer name is "fileserver" go to "http://fileserver:80"
                It should show the default "IIS7" image. If not, check firewall and port blocking. 
                Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
         c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
                 eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
                 A directory listing of files should appear.
  --- ON EACH CLIENT ----
  HOTFIX - improve upload + download speeds
    14 Click START and type "Internet Options" and open the link
          a) click the "Connections" tab at the top
          b) click the "LAN Settings" button at the bottom right
          c) untick "Automatically detect settings"
  HOTFIX - remove 50mb file limit
    15 On Windows 7 you need only change one tiny registry value:
        a) click START, type "regedit", open link
        b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
         c) click on "FileSizeLimitInBytes"
         d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
  HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
   16 On each clientpc click START, type "Internet Options" and open it
           a) click on "Security" (top) and then "Custom level" (bottom)
           b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
           SUCH an easy fix. SUCH an annoying problem on a clientpc
     NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
  explorer.
  TEST SETUP
    17 On the client use the normal "map network drive"
              e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
              e.g. CMD: net use * "http://fileserver:80/C_drive"
           If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
  "manage network passwords") has NTFS permissions.
    18 Test that EFS is now working over the network
         a) On a clientpc, map network drive to http://fileserver/
         b) navigate to a folder you know on the \\flieserver is encrypted with EFS
         c) create a new folder, create a new file.
             IF it throws an error, check carefully you mapped to the WebDAV and not file share
                i.e. mapped to "http://fileserver" not "\\fileserver"
             Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
  account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
         d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
         e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
  clientpc decrypted it then copied it).
          If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
          If this is not readable check step (11) and that you restarted the \\fileserver computer.
    19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
        a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
              If a prompt for user+pass then check hotfix (16)
    20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
        a) see the last comment at the very bottom of
  this page: 
  Points to consider:
     - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
  either.
    - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
  MORE INFO: HOTFIX: RAW DATA TRANSFERS
  More info on step (11) above.
  Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
  it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
  Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
  Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
  Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
  file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
  There is a fix:
        It is implimented above, see (11) above
        Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
  Other problems + fixes
    PROBLEM: Can't find server due to network location.
       This one took me a long time to track down to "network location".
       Win 7 uses network locations "Home" / "Work" / "Public".
       If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
       This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
       FIX = either set IP address manually and specify a gateway
       FIX = or  force "unidentified" network locations to assume "home" or "work" settings -
  read here or
  here
       FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
  login to gain file access.
    PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
         By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
        Read
  here (i've posted a batch script to automatically make the required reg files)
  I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

  What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

• Oracle Express Edition And Windows Encrypted File System (EFS)

  Hello,
  I want to use oracle express edition with windows encrypted file system. I tried some possibilities like encrypting xe folder. But connection can not be established when efs is used. Is there a compatibility problem between oracle xe and windows efs? On Oracle's page, it is declared that oracle database is compatible with Windows EFS.
  Thank you for help.

  Pl identify which version of Win 7 - 32-bit or 64-bit ? Home version or something else ?
  The 11g XE install is only available for 32-bit version of Win 7 Professional or higher - http://docs.oracle.com/cd/E17781_01/install.112/e18803/toc.htm#BABHICJH. If you are installing on 64-bit version or Home version of Windows, then you are on your own. What is the reason for enabling EFS on this database ?
  HTH
  Srini

• Hello, can anyone tell me how to share my home macbook pro to my imac in the office? I tried file sharing but never worked for me...appreciate if anyone can help!

  Hello, can anyone tell me how to share my home macbook pro to my imac in the office? I tried file sharing but never worked for me...appreciate if anyone can help!

  I should have added to my posting (instead of using this "reply" -  it is the server passwork it is asking for and I have never known that I had one and assumed it was the passwork I always used for this type of thing.

• Is there a format for a file that I can use for attaching a one page document with photos embedded that will open in everyone's email automatically?   I've tried PDF and Word, but worked only in Mail.  Lost formatting when just copied and pasted in email.

  Is there a format for a file that I can use for attaching a one page document with photos embedded that will open in everyone's email automatically?   I've tried PDF and Word, but PDF worked only in Mail.  Word worked in nothing.  I also tried copying and pasting the document but lost all formatting when just copied and pasted in email.  Is there a way to do this?

  Are you sure PDF won't work? It should as what you're trying to do is pretty much what it is designed for (PDF - Portable Document Format). On a Mac anywone who receives the file should be able to see it in all its page layout glory by using the app Preview or Adobe Reader. Same on a PC, the file should be viewable as a PDF file using Adobe Reader and probably some other viewer (don't use PCs so not sure what other apps).
  What application are you creating the file in and are you sure you're exporting it correctly in PDF format, fonts and images embedded?

• How to share EFS encrypted files over a network (\\workstation\c$\encrypted-file.txt)

  Hello,
  we decided to theft-protect our workstations by using EFS encryption on some important documents and directories.
  Just to be sure: I hope that data will not be readable in the case that someone physically gains access to the disk or computer with encrypted data and does not know user's name & password to log in or does not have the right encryption certificate with
  private key. Please correct me, if I'm wrong.
  All workstations are Windows 7 Professional joined to the domain controlled by Windows 2008R2 DC. We are a bit lazy, so we have generated a local, self-signed EFS certificate on a single workstation and installed this (the same) certificate on all workstations.
  Now, we are able to share EFS encrypted files for example via a NTFS formatted flash drive.
  Later, we have setup a Certificate authority (we can potentially issue new EFS personal, domain-based certificates that are published in AD), and established DRA as well (published DRA via a Group Policy).
  All logged-in users have the same (non-domain) certificate installed in their "My User Account" certificate store, cipher /y command shows the same thumbprint value.
  However, we would like to be able access files remotely, in a "lazy" way using an administrative share like
  \\workstation\c$\users\bob\document.txt. We all are Domain Admins, so NTFS and SMB privileges should be OK, unencrypted files are accessible OK.
  I have tried to issue a new certificates via the Cert Authority, putting them into "Trusted People" container etc., adding them to the "Users who can access this file:" list on the encrypted file and nothing worked.
  So is it possible to share EFS encrypted files over a workstation's share (i.e.
  \\workstation\something)?
  What should I do to get it working? :-)
  Thank you for any ideas.
  Jan

  OK, I understand that. However, I have read this article
  Using Encryption File System (Technet)
  and there is stated "Remote EFS operations on files stored on network file shares are possible in Windows 2000 or later domain environments only. Domain users can remotely encrypt or decrypt files,
  but this capability is not enabled by default"
  There are notes about computer trust etc., so I am seeking for someone who would help me a little bit with this.
  Just imagine the simplest possible "single-user" case: there are two Win7 computers A, B joined into the domain and just single user BOB. Bob uses those two computers and need to access own documents like
  \\A\DocumentsA or
  \\B\DocumentsB. Standard setup - folder sharing: everything is working fine, share and NTFS permissions are set up, BOB can work with his own "remote" documents from both computers (\\A\DocumentsA from computer B and
  vice versa).
  BOB decides to encrypt his documents. So BOB logs in computer A, starts "Manage file encryption certificates Wizard", gets an EFS Certificate from CA and encrypts his c:\Documents (shared as
  \\A\DocumentsA). I assume the EFS certificate is stored on computer A in BOB's local profile, therefore I ask:
  Now, BOB moves to the computer B and logs on.
  Q1: Will be \\A\DocumentsA accessible for BOB from B?
  Q2: If not, what should do now? Should I do something in AD for computer accounts (A and/or B) ?
  Thank you.

• How to prevent EFS encrypted files getting green color

  hi friends
  as we know, when we encrypt files via EFS, they get green color so users find out that these are encrypted files. i don't want such thing. 
  is there any method to prevent EFS encrypted files getting green color?
  thanks in advance

  You can set it via Folder Options in Control Panel or in Windows Explorer, and there is a related Group Policy.
  This thread has the details - the configuration
  options apply both to 'green' and 'blue' (compressed) files.
  Elke
  hi Elke.
  nice, thank you very much
  regards

• File system cache on APO for ATP

  Hi, aces,
  Do you have any recommendation percentage of file system cache on AIX for APO/ATP environment?  My system was configured to be 20% min -80% max.  But I am not sure if this is good for APO/ATP.
  I suspect the file system cache takes a lot of memory and leaves less memory for APO work processes.
  Regards,
  Dwight

  sar will give you what you need....

• Cannot see the system folder(private work area) in the dependency manager

  Hi
  I am not able to see the 'system folder'(private work area) in the dependency manager tool.
  I have captured the user schema in this folder, and want to see dependency information of objects in it.
  Please Help.
  Thanks

  Hi Guru,
  Please go through SAP note # 1333684 and configure accordingly.
  Also, follow the note # 1042993, if problem is not getting resolved.
  Thanks
  Pavan

• What is available on new Windows servers that allow you to write scripts that can work directly with Windows, SQL Server, and Exchange Server?

  What is available on new Windows servers that allow you to write scripts that can work directly with Windows, SQL Server, and Exchange Server?
  a. PowerShell
  b. isql
  c. osql
  d. sqlcmd

  All questions seem to be from the interview or a test. I think I even took this test once, it's KForce test.
  For every expert, there is an equal and opposite expert. - Becker's Law
  My blog
  My TechNet articles

• HT5610 In itunes, pressing alt to display the menu bar totally worked for my windows running machine but I CANNOT get the menu bar to show in itunes on my imac.  what's with that?

  In itunes, pressing alt to display the menu bar totally worked for my windows running machine but I CANNOT get the menu bar to show in itunes on my imac.  what's with that?

  You got me experimenting ... and it was viewing the display with the green button (rather than amber) on the left that revealed the menu bar.  Hovering didn't do it.  Thanks for your help.  First time in Apple Support.

• System Recovery that worked for me.

  I've read soooooooo many complaints about Toshiba purchasers being unable to restore their laptops with their XP Recovery Discs.  The usual answer from the experts on this site is that you need a new disc or your DVD drive is defective.  Of course, you can find out if the latter problem is the culprit by putting in any CD/DVD with information on it  then go to Windows Explorer and see if you can access anything on it.  If you can't or if the only thing you can do is boot to the BIOS, then this might work for you.
  For some reason a lot of these Recovery Discs simply won't start without first formatting the hard disc--I've found this to be the case with Toshiba and Gateway products.  Of course, if you can't format the hard disc with the Recovery Disc then the only thing to do is this:
  Find yourself a full or upgrade version of Windows XP.  I haven't tried it, but you can probably also use 98, ME, 2000--whatever.  Start your computer, hit the F1 key or whatever it takes to get to the BIOS.  When your in you're in your BIOS, change the boot order from Hard Disc to DVD.  Hit the Save key which will reboot your computer.  At the Toshiba logo, hit the eject button on your DVD drive.  Put in the XP disc I mentioned earlier.  You should get to the start of the install process.  If so, go through the entire install process and when you get to the format hard disc part, let it rip.  Once the format process if finished, hit the eject button on your DVD drive.  Put in the Recovery Disc that came with your computer.  Reboot it, keeping the boot order the same (DVD first).  The install procedure of your Restore Disc should start automatically.  If it doesn't, then this procedure won't work for you.
  However, I've found this procedure works on my Toshiba laptop, more than a few Gateway laptops and even a Gateway PC.
  Although I haven't tried it, you can probably do the format procedure with a custom XP boot disc that you can get off the web.  And if you can't do it either way yet have access to a floppy drive (USB or built into your computer), go to this Microsoft web site to down load an fabricate a set of floppies that will do the same job: http://support.microsoft.com/kb/310994
  Whatever you do, don't take the expert's advice on this forum to immediately order another Recovery Disc AND don't assume that your DVD drive doesn't work.  Probably neither is the case and you'll save a lot of money if it isn't.
  Try this procedure first--you've got nothing to lose if you can't get past the BIOS.

  hyjanks wrote:
  Look.  You're talkin' Geekdom here, buddy.  I'm just trying to solve a problem for the average Joe whose eyes gloss over at the mention of ISO's.  Toshiba tech support costs $25 for the first call.  I don't know what a copy of a Recovery disc costs, but it's probably in the same range.  If you go out an buy a USB/floppy dirve it will cost you about $20. And when you're through with the install, you've got yourself a new toy.  When you're done with Toshiba tech support, you MAY get a solution.  You MAY not.  If you buy a Restore disc, it may solve the problem.  Maybe it won't.  Get it?
  I just bought a brand-new Intel MB that comes with a SATA/RAID floppy.  What do you suppose I'm going to use to install the driver?
  By the way, you got a better solution?
  If the computer has a floppy drive then the F6 method will work.  I've used it numerous times on systems that have one.  But the problem is that laptops don't have floppy drives these days, USB floppy drives don't always work for the installing SATA drivers via the F6 method, and most users don't know how to make an F6 floppy disk to use.  And many laptops don't even provide the files to create an F6 SATA driver floppy.  It's a lot easier to burn a CD from an ISO that is readily available than it is to create a F6floppy disk when you don't have the preconfigured disk file and need to create one from scratch.
  Now why are we arguing anyway?  Both methods will work.  It's just a matter of which will be more appropriate for the specific situation.  I'm not attacking you, your method, or your manhood.  Now let's just drop this as it's not productive and is actually going to confuse some of the people that would potentially benefit from these methods.
  If you don't post your COMPLETE model number it's very difficult to assist you. Please try to post in complete sentences with punctuation, capitals, and correct spelling. Toshiba does NOT provide any direct support in these forums. All support is User to User in their spare time.

• Required "/" (root) file system size on UNIX for Solution Manager.

  Hello SAP Gurus,
     I am setting up SAP Solution Manager 3.2 on HP-UX. It is asking me about 350MB free sapce on "/" file system for Central Instance installation and about 120MB free sapce on "/" file system for Database Instance installation.
     I am installaing everything on to shared disk which mounted under /usr/sap. Why it needs free sapce in "/" file system. Is there any workaround to get rid of this requirement, as I have very less free sapce on "/" file system and I don't want to take the risks involved in increasing this size.
     Are there any SAP recommended sizes for "/" file system?
     I stuck in the middle of setting up SAP landscape on HP-UX (11.23). I searched through the Installation documents but I couldn't find any thing helpful in this regard. It is urgent requirement to set up this so please let me know any solution or workaround ASAP.
     Any help is greatly appriciated.
  Thanks in advance.
  Regards,
  cvr/

  Hi Vaibhav.
  Normally "canonical path not available for (folder name)" means:
  1. Wrong username/password. Please double check you credentials.
  2. The resource cannot be linked from the portal server. Please be sure that you can connect to the next ports in windows server from the Unix Server:
  a. NetBIOS Session Service TCP 139 This port is used to connect file shares for example.
  b. TCP 445 The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2000/XP. In windows NT it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000/XP/2003, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.
  I hope these things help somebody.
  Best Regards,
  Jheison A. Urzola H.

• File.setLastModified doesn't work for files with another owner and 777 perm

  import java.io.File;
  public class Main {
      public static void main(String[] args) {
          File file = new File(args[0]);
          System.out.println("exec:" + file.canExecute());
          System.out.println("read:" + file.canRead());
          System.out.println("write:" + file.canWrite());
        System.out.println(file.setLastModified(System.currentTimeMillis()));
  } Compile it to ~. In ~ create file aaa.txt. Next
  ~ $ sudo chown root:root aaa.txt
  ~ $ sudo chmod 777 aaa.txt Checking
  ~ $ ls -la aaa.txt
  -rwxrwxrwx 1 root root 472 2009-11-24 12:09 aaa.txt Running application
  ~ $ java -Djava.security.debug=all Main /home/jfreem/aaa.txt
  scl:  getPermissions ProtectionDomain  (file:/home/jfreem/ <no signer certificates>)
  sun.misc.Launcher$AppClassLoader@1c78e57
  <no principals>
  java.security.Permissions@1186fab (
  (java.lang.RuntimePermission exitVM)
  (java.io.FilePermission /home/jfreem/- read)
  scl:
  exec:true
  read:true
  write:true
  false setLastModified return false and modification time of file remain the same. Why?

  Can you see if the file is getting to the webserver's (not
  ColdFusion)
  temp file directory?
  When a file is uploaded from the browser the
  webserver(IIS|Apache|etc)
  upload it to a temp location, then all CFFile does is copy
  the file
  from the temp directory to where ever specified.
  So you can see if the problem is failing before or after this
  point.
  Grant wrote:
  >
  >
  > We are migrating our intranet from ColdFusion 5 on
  Solaris to ColdFusion MX 7
  > on Linux and I'm testing out the existing applications
  on the new server. The
  > processing page for a file upload is using CFFILE with
  ACTION="upload". The
  > page finishes processing fine, no error, and continues
  as if it was successful
  > but the file never actually gets to the destination
  directory. I tried with
  > larger files and it did take longer (so the file
  appeared to get transmitted),
  > but it still does not get saved to the server's file
  system. This all works
  > fine on the current system running CF5. I've tried the
  CFFILE destination with
  > and without a slash at the end - no difference. We have
  ColdFusion 7.0.1
  > installed. Hot fix 2 has been applied but that did not
  fix the problem.
  >
  > Any ideas?
  >