locked
Encryption Bug in Windows XP-SP2,SP3 & Server2003 RRS feed

  • 問題

  • I made following steps in Windows XP - SP2 & 3, Windows Server2003 & I experienced the strange issue.

    step1- Made three users

    step2- taken logon with each of them & switched all users

    step3- made a file in user1 & checked that all users are able to access that file

    step4- in user1 encrypt the file with file only encryption & checked that user2&3 are not able to access that file

    step5- in user1 went to mmc & add a certificate with MyUserA/c option & exported the certificate with private key

    step6- logged on with user2 and imported the certificate.(now user1&2 is able to access user1's file but in "properties\advanced\details" of file, only user1 is there.)

    step7- user2 has made a file & every other user is able to access user2's file

    step8- user2 has encrypted file with file only encryption (now user1&2 are still able to access user2's encrypted file but user3 is not able to access any of the files & in the "properties\advanced\details"  of user2's file only user1 is there)

    step9- user3 made a file & all users are able to access the file

    step10- user3 encrypted his file with file only encryption (nobody is able to access user3's file except user3 itself)

    step11- user3 imported user1's certificate (now user3 is able to access all the three encrypted files of user1,2&3 & user1&2 is not able to access any of the files not even their own encrypted files, they even cant remove the encryption of their own files & in "properties\advanced\details" of all the files only user3 is there)

    step12- user1 imported his own certificate but condition is still the same

    step13- user2 imported user1's certificate again but condition is still the same

    step14- user3 issued his certificate

    step15- user1 imported user3's certificate (now user1,2&3 are able to access all the encrypted files and in  "properties\advanced\details"  of all files only user1 is there)

    THATS ALL I DID.

    ITS ALL CONFUSING ME. PLEASE HELP ME OUT.
    2009年1月16日 19:35

所有回覆

  • HI Ayush?

    Have you tried to install WInXP SP3 and see if the problem still exist?

    Hope it will solve the problem.

    2009年1月17日 8:13
  • hi chi

    I have tried this procedure in WindowsXP-SP3 also... and I am having the same problem...

    2009年1月17日 15:38
  •  ayush.jain28 wrote:

    step5- in user1 went to mmc & add a certificate with MyUserA/c option & exported the certificate with private key

    What have you done in step 5? Open mmc then? Add/remove snap-in and select Certificate? And then? Please give the full detail.

     

     ayush.jain28 wrote:

    step6- logged on with user2 and imported the certificate.(now user1&2 is able to access user1's file but in "properties\advanced\details" of file, only user1 is there.)

     

    step8- user2 has encrypted file with file only encryption (now user1&2 are still able to access user2's encrypted file but user3 is not able to access any of the files & in the "properties\advanced\details"  of user2's file only user1 is there)

     

    step11- user3 imported user1's certificate (now user3 is able to access all the three encrypted files of user1,2&3 & user1&2 is not able to access any of the files not even their own encrypted files, they even cant remove the encryption of their own files & in "properties\advanced\details" of all the files only user3 is there)

    This seems....a bit abnormal. How do you import the Certificate for one user account? Can u tell us the detail?

     

     

    Beside, is there any NTFS permission set? Are the file all create in same folder?

     

     

    2009年1月19日 3:05
  •  MS MVP KenLin for VB.NET wrote:

     ayush.jain28 wrote:

    step5- in user1 went to mmc & add a certificate with MyUserA/c option & exported the certificate with private key

    What have you done in step 5? Open mmc then? Add/remove snap-in and select Certificate? And then? Please give the full detail.

     



    after selecting Certificate....I chose MyuserA/c in that dialog box & clicked Finish...& closed Add/remove snap-in & click Ok...

    then I expanded Certificate then expanded Personal & selected Certificate....>> on the right pane... select User name & right click on it\All tasks\Export...."A dialog box opened.. clicked next...>>  Yes,export the private key >> clicked next two times >> gave password >> gave the path to save the certificate >> next & finish."


     MS MVP KenLin for VB.NET wrote:


     ayush.jain28 wrote:

    step6- logged on with user2 and imported the certificate.(now user1&2 is able to access user1's file but in "properties\advanced\details" of file, only user1 is there.)

     

    step8- user2 has encrypted file with file only encryption (now user1&2 are still able to access user2's encrypted file but user3 is not able to access any of the files & in the "properties\advanced\details"  of user2's file only user1 is there)

     

    step11- user3 imported user1's certificate (now user3 is able to access all the three encrypted files of user1,2&3 & user1&2 is not able to access any of the files not even their own encrypted files, they even cant remove the encryption of their own files & in "properties\advanced\details" of all the files only user3 is there)

    This seems....a bit abnormal. How do you import the Certificate for one user account? Can u tell us the detail?

     

     

    Beside, is there any NTFS permission set? Are the file all create in same folder?

     

     





    I IMPORTED THE CERTIFICATE >> dblclicked on certificate >> clicked next two times >> gave the password which had given at the time of creating certificate >> clicked next two times >>  clicked finish

    NO NTFS PERMISSION WAS THEIR.....
    AND ALL FILES WERE CREATED IN DIFFERENT FOLDERS IN THE NAME OF THEIR USER A/CS...



    2009年1月19日 7:03