EFS protection utility
Client Security Solution provides a command line utility that enables TPM-based protection of encryption
certificates used by the Encrypting File System (EFS) to encrypt files and folders. This utility supports
transfer of third party certificates (certificates generated by a Certificate Authority) and also supports
generation of self-signed certificates.
Protection of the EFS certificate by Client Security Solution means that the private key associated with the
EFS certificate is protected by the TPM. Access to the certificate is granted after the user has authenticated
to Client Security Solution.
If no TPM is available, the EFS certificate is protected using the TPM emulator provided by Client Security
Solution. You must be enrolled with Client Security Solution to be able to have the EFS certificates protected
by Client Security Solution.
CAUTION:
If you use Client Security Solution and the Encrypting File System (EFS) to encrypt files and folders,
then any time Client Security Solution or the Trusted Platform Module is not available, you cannot
access the encrypted files.
If the Trusted Platform Module becomes non-responsive, Client Security Solution will restore access to
encrypted data after the motherboard is replaced.
Using the EFS command line utility
The following table provides the command line parameters that are supported for EFS:
Table 9. Command line parameters supported for EFS
Parameter           Description
/generate:<size>    Generates a self-signed certificate and associates the certificate
                    with EFS. If <size> is specified, the key generated will be
                    of the specified bit size. Valid values include 512, 1024
                    and 2048. If no value, or an invalid value, is specified, the
                    default will be the generation of 1024-bit keys.
/sn:xxxxxx          Specifies the serial number of an existing certificate to
                    transfer and associate with EFS.
/cn:yyyyyy          Specifies the name ("issued to") of an existing certificate
                    to transfer and associate with EFS.
/firstavail         Transfers the first available existing EFS certificate and
                    associates it with EFS.
/silent             Does not display any output. The return code is provided as
                    the value when the program exits.
/? or /h or /help   Displays the help information.
When not run in silent mode, the utility will return one of the following errors:
0 - "Command completed successfully"
1 - "This utility requires Windows XP"
2 - "This utility requires Client Security Solution version 8.0"
3 - "The current user is not enrolled with Client Security Solution"
4 - "The specified certificate could not be found"
5 - "Unable to generate a self-signed certificate"
6 - "No EFS certificates were found"
7 - "Unable to associate the certificate with EFS"
When run in silent mode, the output of the program will be an errorlevel corresponding to the error
numbers shown above.
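An added example, not taken from this manual: a Python wrapper for scripted use of /generate together with /silent. It rejects a key size outside the documented values before the utility can fall back to 1024-bit keys, and turns the errorlevel into the documented message. The manual page does not name the executable, so its path is supplied by the caller; all function names are assumptions of this example.

```python
import subprocess

# Return codes and messages as listed in the manual for the EFS utility.
EFS_RESULTS = {
    0: "Command completed successfully",
    1: "This utility requires Windows XP",
    2: "This utility requires Client Security Solution version 8.0",
    3: "The current user is not enrolled with Client Security Solution",
    4: "The specified certificate could not be found",
    5: "Unable to generate a self-signed certificate",
    6: "No EFS certificates were found",
    7: "Unable to associate the certificate with EFS",
}
VALID_KEY_SIZES = (512, 1024, 2048)  # sizes documented for /generate:<size>


def build_generate_args(utility_path, key_bits):
    """Build the argument list for a silent /generate run.

    An invalid <size> makes the utility generate a 1024-bit key instead of
    failing, so the size is checked here, before the utility is started.
    """
    if key_bits not in VALID_KEY_SIZES:
        raise ValueError(f"key size {key_bits!r} is not one of {VALID_KEY_SIZES}")
    return [utility_path, f"/generate:{key_bits}", "/silent"]


def interpret(returncode):
    """Map an errorlevel to (succeeded, message); unknown codes count as failure."""
    message = EFS_RESULTS.get(returncode, f"Undocumented return code {returncode}")
    return returncode == 0, message


def generate_efs_cert(utility_path, key_bits=2048, runner=subprocess.run):
    """Run the utility silently and raise if the errorlevel is not 0.

    utility_path is a caller-supplied assumption (the executable name is not
    given on this page); runner can be replaced to test without the utility.
    The 2048 default is this example's choice, not the utility's default.
    """
    completed = runner(build_generate_args(utility_path, key_bits))
    succeeded, message = interpret(completed.returncode)
    if not succeeded:
        raise RuntimeError(f"EFS utility failed ({completed.returncode}): {message}")
    return message
```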
Chapter 3. Working with Client Security Solution 23