[NTLUG:Discuss] Re: mounting drives from other os -- SAM-SID issues != EFS issues

Bryan J. Smith b.j.smith at ieee.org
Wed Sep 22 15:14:18 CDT 2004


On Wed, 2004-09-22 at 15:54, Jeff wrote:
> I've always had great luck porting ntfs drives to other systems.

You've just been lucky.  Same deal with people who enable write access
in the Linux NTFS driver without the LDM code (for LDM disk labeled
disks) or Captiva approach (reads SIDs from actual SAM-registry).

If you don't apply ACLs to many files, using the inherited ones from
directories, etc..., then you're typically okay.  If you've got ACLs all
over the place, you're asking for trouble.

Unless, of course, you are assigning _domain_ SIDs (i.e., domain users,
groups, etc...).  Then the SIDs are in the _network's_ version of the
SAM.  It's the same regardless whether you are using legacy PDC or newer
ADS for your CIFS domain.  Those SIDs are stored on the network server.

> I believe what he is thinking about is Windows EFS, its encrypting
> file system which is not only tied to a particular Windows install,
> it's also tied to a particular SID.

It's not EFS, that's a totally different issue.  If you don't use public
key (using either X.509 certificates or Kerberos) to store the symmetric
key for EFS, it defaults to basing it on the local administrator's
password.

That's a completely separate, although compounding issue.



-- 
Bryan J. Smith                                  b.j.smith at ieee.org 
------------------------------------------------------------------ 
"Communities don't have rights. Only individuals in the community
 have rights. ... That idea of community rights is firmly rooted
 in the 'Communist Manifesto.'" -- Michael Badnarik
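
The local-SAM versus domain SID distinction in the message above, as an added example that is not part of the original post: it decodes binary SIDs as stored in ACEs and reports which ones the host now reading the volume can still resolve. All SID values, the function names and the sample ACL are constructed for illustration.

```python
import struct

# SIDs that mean the same thing on every Windows install (Everyone, Creator Owner, SYSTEM).
WELL_KNOWN = {"S-1-1-0", "S-1-3-0", "S-1-5-18"}

def make_sid(*subs, authority=5):
    """Build a binary SID (used here only to construct sample data)."""
    return bytes([1, len(subs)]) + authority.to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

def sid_to_string(raw):
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or raw[0] != 1 or raw[1] > 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", "1", str(authority), *map(str, subs)])

def classify(sid, local_machine_sid, domain_sids=()):
    """Report which account database, if any, can resolve this SID on the host reading the disk."""
    if sid in WELL_KNOWN or sid.startswith("S-1-5-32-"):
        return "well-known"            # BUILTIN aliases and fixed principals
    if not sid.startswith("S-1-5-21-"):
        return "other"
    issuer = sid.rsplit("-", 1)[0]     # strip the RID to get the issuing machine/domain SID
    if issuer == local_machine_sid:
        return "local-sam"
    if issuer in domain_sids:
        return "domain"                # stored on the network server, resolves from any member
    return "orphaned"                  # issued by a SAM this host cannot consult

def audit(raw_sids, local_machine_sid, domain_sids=()):
    """Decode each trustee SID and pair it with its classification."""
    return [(s, classify(s, local_machine_sid, domain_sids)) for s in map(sid_to_string, raw_sids)]

# Constructed sample: trustee SIDs as they might appear in ACEs on a moved NTFS volume.
NEW_HOST = "S-1-5-21-4000000001-4000000002-4000000003"
DOMAIN = "S-1-5-21-1000000001-1000000002-1000000003"
SAMPLE = [
    make_sid(21, 1111111111, 2222222222, 3333333333, 1001),  # user from the old install's SAM
    make_sid(21, 1000000001, 1000000002, 1000000003, 1105),  # domain user
    make_sid(32, 544),                                        # BUILTIN\Administrators
    make_sid(18),                                             # SYSTEM
]

if __name__ == "__main__":
    for sid, verdict in audit(SAMPLE, NEW_HOST, {DOMAIN}):
        print(f"{verdict:10} {sid}")
```

Entries reported as `orphaned` are the ones whose explicit ACEs no longer map to any account on the new host.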




