Windows – Cannot access EFS encrypted files/folders using File Sharing (SMB)

https://www.tenforums.com/network-sharing/174475-cannot-access-efs-encrypted-files-folders-using-file-sharing-smb.html

https://answers.microsoft.com/en-us/windows/forum/windows_10-files/cannot-access-efs-encrypted-filesfolders-using/6f43b281-135b-4693-8101-8a634b59b2f8?tm=1613673345262

I searched and found an article similar to this one on Microsoft's site:

https://www.fonepaw.com/windows/access-denied-folder-file-windows.html

And from my diagnosis I have trouble accessing shared EFS encrypted files and folders.

https://www.tenforums.com/network-sharing/157842-network-error-windows-cannot-access-you-do-not-have-permission.html#post1932396

I get past that screen, I can see and browse shares but I cannot open encrypted files:

\\name.operation420.net\share\file.txt

You do not have permission to open this file. See the owner of the file or an administrator to obtain permission.

If I decrypt files I can access them so share or filesystem permissions are not an issue, I can
access the files logged on regularly, I have the key on all Windows logons I use.

I cannot risk security and decrypt the files from my drives. A workaround I have is to run a
Linux VirtualBox install, create a shared folder in VirtualBox of the folders I want to share
that the Linux VM can see, and then setup a Samba server and share the mounted VirtualBox shared
folders. Except for an issue I have with file(s) and/or folders containing dollar $igns (Samba sharing issues with file/folder with $ in filename), it
works as expected when browsing the Linux shares. I can access files encrypted with EFS, I can
copy files to EFS encrypted folders, they will copy as normal and the file(s) will be in the
folder encrypted. The whole point of EFS is that encryption/decryption should be transparent.

Is this a bug in Windows, or is there something I am missing?

The Linux VM workaround is somewhat useful, except for files and or folders with dollar $igns in
their names (Samba sharing issues with file/folder with $ in filename), which might be out of scope for this post and for systems that are not powerful enough and/or lack RAM to run Virtual Machines…

I am using Windows 10 Pro version 20H2, but remember this happening on other versions… (As far back as Windows7)

Best Answer

It's probably because you aren't logged in the SMB with your account when accessing the share. You can only access EFS encrypted files over SMB when logged on to the remote computer with the account used for encrypting the files for obvious reasons. Try opening Command Prompt on the computer you are accessing the share from then type:

net use \\name.operation420.net /d
net use \\name.operation420.net /USER:<username>

where <username> is the username of the remote computer.

\\name.operation420.net\share\file.txt

Best Answer

Related Solutions

Windows – Unexpected Access Denied error while accessing EFS encrypted file

Windows 10, can ping other PC but cannot access shared folders! What gives

Related Question