Copied encrypted files over RDP get decrypted

Mago Barca 1 Reputation point
2021-11-27T23:21:33.02+00:00

Hi All,

I have the following situation. I have folder TESTFOLDER and inside it a file called TESTFILE.TXT stored on the SERVER. I encrypt this file (and of course its parent folder TESTFOLDER). Now if I RDP to SERVER and copy this file to my local PC (not part of the domain or LAN), then I find this file is decrypted.

I thought the certificate that is used to encrypt the encryption/decryption key is not stored in the encryption file and only the encrypted encryption/decryption key is stored in the file.

What is going on?

How can I fix this situation?

Thank you

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,304 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 37,341 Reputation points
    2021-12-01T09:35:30.813+00:00

    Hi there,

    I suppose you might have created a trigger that decrypts the files automatically. The server's decryption key can only decrypt files encrypted by its corresponding public key.

    Make sure that no such triggers are executed and I suppose that sorts your query.


    --If the reply is helpful, please Upvote and Accept it as an answer--

    No comments

  2. Vadims Podāns 8,081 Reputation points Microsoft MVP
    2021-12-01T14:58:31.01+00:00

    It is expected behavior and by design. Files are automatically decrypted (if decryption key exists on source machine) when moved to media which doesn't support encryption, including network transfer. EFS does not protect data on a wire.

    No comments