EFS file sharing with constrained delegation

Discussion in 'Server Security' started by Ondrej Sevecek, Jun 2, 2009.

  1. hello,

    is it supported to configure the remote EFS file server not with the
    unconstrained delegation but with only a limited set of constrained
    delegation SPNs? which SPNs must be used?

    thank you very much

    Ondrej Sevecek, Jun 2, 2009
    1. Advertisements

  2. Hi,

    this is what worked for me,

    FS delegate: cifs/DC, ldap/DC, protectedstorage/DC
    (note, if you have multiple domain controllers in site you should add them all)
    FS delegate: HOST/CA

    However, I could not find any documentation regarding constrained delegation,
    technet does not mention whether this configuration is supported or not.


    Pozdravuje (Greetings) ;)

    Martin Rublik, Jun 4, 2009
    1. Advertisements

  3. yes, no documentation at all to this, but it actually doesn't work for me,
    even previously i tested something similar:

    fs1: can delegate to CIFS/DC1
    fs1: can delegate to LDAP/DC1
    fs1: can delegate to ProtectedStorage/DC1
    fs1: can delegate to GC/DC1
    fs1: can dleegate to RPCSS/CA1
    fs1: can delegate to HOST/CA1

    but it stops after obtaining the last ticket from DC, no further ip traffic
    occuring from the FS. it must have been that the FS dindn't know something
    or was thinking something incorrectly, but it didn't repair even after

    ale dekuju moc za podporu. pokusim se to jeste nejak poresit a dam vedet :)

    Ondrej Sevecek, Jun 4, 2009
  4. Just a simple question,

    is it possible to log on the server locally and to encrypt a file using EFS?

    Martin Rublik, Jun 4, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.