EFS file sharing with constrained delegation


Guest Ondrej Sevecek
Posted

Hello,

would you please be able to give me an authoritative answer whether (and then how) Windows Server 2008 (domain member) acting as a file server for EFS encrypted files can use CONSTRAINED delegation to obtain EFS encryption certificates for users from an enterprise CA?

Currently, it works for me with UNconstrained delegation (the "trust computer for delegation to any service"); it normally obtains Kerberos tickets for several services such as CIFS/dc, ProtectedStorage/dc, LDAP/dc, GC/dc and HOST/ca etc.

But when I switch it to the constrained ("trust computer for delegation to specified services only - Kerberos only") and list the services manually, the file server then is not willing to delegate to CIFS/dc at all and is using just an anonymous connection, which is refused with access denied.

This looks like the file server is generally not able/willing to use constrained delegation for shared files at all (as tested with an ASP FileSystemObject script, which also works only with unconstrained delegation).

ondrej sevecek

MVP, MCM:DS
