I'm experiencing strange behavior with Windows Encrypted File System:

  1. I have a machine that is in workgroup mode (not joined to a domain)
  2. I encrypt an entire directory structure on the machine (basically a folder and subfolders with data files for my application).
  3. My application writes and reads files from the encrypted file hierarchy as a local Windows user (let's call the account 'SecureUser'). This works fine.
  4. I then join the PC to a domain (let's call it 'TEST').
  5. Afterwards, processes running as the local 'SecureUser' account can't read the files it wrote originally when it was off the domain. (What is also strange is that the files are listed as "read only" now and I cannot unset this flag via Windows Explorer or the command line, even though it looks like it succeeds.)
  6. I then unjoin the PC from the domain and everything works again.

Is there something about changing domain membership on a PC that changes the behavior of EFS so that previously encrypted files cannot be read, even by the originating user?

Thanks in advance

Mike Marshall
1 Answer

Are you sure the process is running as LOCAL\SecureUser and not a DOMAIN\SecureUser by the same name?

Also, do you have any group policies regarding EFS and/or local user accounts that might be getting applied when the machine is on the domain? Such policies would cease to apply once you pulled it off the domain and that would explain why it works again.

Wes Sayeed
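The two checks suggested in the answer (which SecureUser the process actually is, and whether a domain policy touches EFS) can be scripted. The following PowerShell is an added example, not code from the question or the answer; the data root `C:\AppData\Secure` and the parameter names are assumptions, and the only name taken from the thread is the domain 'TEST'. Run it in the same security context as the failing process (for instance under `runas /user:.\SecureUser powershell.exe`), once while joined to the domain and once after unjoining, and compare the output.

```powershell
# Added diagnostic script for the EFS-after-domain-join symptom described above.
# Not part of the original question or answer. Assumed values: the data root
# C:\AppData\Secure and the parameter defaults below; adjust them for your machine.
param(
    [string]$Root        = 'C:\AppData\Secure',   # assumed path to the encrypted tree
    [string]$AccountName = 'SecureUser',          # account name from the question
    [string]$DomainName  = 'TEST'                 # domain name from the question
)

# Resolve an account name to its SID. Local and domain accounts with the same
# name have different SIDs (different S-1-5-21-... authority), which is what EFS
# and the file system actually key on, not the display name.
function Resolve-AccountSid([string]$Account) {
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        "<unresolved: $Account>"
    }
}

# 1. Which SecureUser is this process running as?
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
Write-Host "Process identity : $($id.Name)"
Write-Host "Process SID      : $($id.User.Value)"

$localSid  = Resolve-AccountSid "$env:COMPUTERNAME\$AccountName"
$domainSid = Resolve-AccountSid "$DomainName\$AccountName"
Write-Host "Local  $AccountName SID : $localSid"
Write-Host "Domain $AccountName SID : $domainSid"
if ($id.User.Value -eq $localSid) {
    Write-Host "=> running as the LOCAL account"
} elseif ($id.User.Value -eq $domainSid) {
    Write-Host "=> running as the DOMAIN account (same name, different identity)"
} else {
    Write-Host "=> running as neither candidate account"
}

# 2. Which EFS certificate does this identity hold? EFS decrypts a file only if
#    the user's current EFS certificate matches one the file was encrypted to.
$efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $efsOid } |
    ForEach-Object { Write-Host "EFS cert for this user: $($_.Thumbprint) ($($_.Subject))" }

# 3. For every encrypted file under $Root, show the read-only flag and ask cipher
#    which users/certificates can decrypt it. Compare those thumbprints with the
#    one printed in step 2.
Get-ChildItem -Path $Root -Recurse -File |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted } |
    ForEach-Object {
        Write-Host "`n$($_.FullName)  ReadOnly=$($_.IsReadOnly)"
        cipher.exe /c $_.FullName
    }

# 4. Is a policy disabling or reconfiguring EFS being applied while on the domain?
#    Domain GPOs write EFS settings under this key; it is absent on an unmanaged box.
$efsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS'
if (Test-Path $efsPolicy) {
    Write-Host "`nEFS policy key present (EfsConfiguration=1 means EFS disabled by policy):"
    Get-ItemProperty -Path $efsPolicy | Format-List
} else {
    Write-Host "`nNo EFS policy key present under HKLM\SOFTWARE\Policies"
}

# 5. List the computer-scope GPOs currently applied, to spot one that targets EFS.
gpresult.exe /r /scope computer
```

If step 1 reports the domain SID, the process is simply a different principal than the one that encrypted the files, and the answer's first question is the whole explanation. If it reports the local SID but step 3 lists a certificate thumbprint that is not the one shown in step 2, the local user's EFS key changed or became unavailable after the join, which points at the policy checks in steps 4 and 5.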