Inside Windows Server 1002003 [Electronic resources] (text version)


Addison Wesley


EFS File Transactions and WebDAV


TraditionallyChapter 16, "Managing Shared Resources," describes how to set up a shared web folder on a server or desktop. The host must be running Internet Information Services (IIS) because the shared folder is actually just a virtual folder in the default web site. Also, WebDAV publishing must be enabled in the IIS metabase. This is not done by default.

A network provider in Windows Server 2003, the WebDAV redirector, controls transactions to and from a web share. WebDAV uses HTTP as its wire protocol, making it possible to access files through a firewall using standard TCP port 80.

To create a shared web folder, you must be running IIS on the server with security lockdown set to permit WebDAV publishing. Do this in the Internet Information Services console. Right-click the server icon, select SECURITY from the flyout menu, then walk through the IIS Security Lockdown Wizard. In the Enable Request Handlers window, select the Enable WebDAV Publishing option. Figure 17.11 shows an example.

Figure 17.11. IIS Security Lockdown Wizard: Enable Request Handlers window showing the Enable WebDAV Publishing option.


Connecting to a WebDAV share is as simple as specifying the URL of the web share instead of a UNC name. For instance, you would map a drive to http://server_name/webshare rather than \\server_name\share.

When you make a WebDAV connection and open a file, the WebDAV redirector issues an HTTP GET command to copy the file to the local Temporary Internet Files cache. The user makes changes to the local copy of the file. When the user saves the changes, the file is copied to the WebDAV share via an HTTP PUT. This is not nearly as sophisticated as SMB, and much slower, but it is much handier than doing a series of FTP file transfers.
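To audit this open-then-save pattern from the server side, the following added example (not from the book) pairs each GET with the later PUT of the same file by the same user in an IIS W3C extended log. The log lines, user names and paths are constructed, and the `#Fields` list is an assumed logging configuration.

```python
# Constructed sample of an IIS W3C extended log for a web share (not from the book).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status
2004-03-01 09:00:02 10.0.0.21 CORP\\alice 80 PROPFIND /webshare/plan.doc 207
2004-03-01 09:00:03 10.0.0.21 CORP\\alice 80 GET /webshare/plan.doc 200
2004-03-01 09:14:40 10.0.0.21 CORP\\alice 80 PUT /webshare/plan.doc 200
2004-03-01 09:20:11 10.0.0.35 CORP\\bob 80 PUT /webshare/budget.xls 201
2004-03-01 09:25:00 10.0.0.21 CORP\\alice 80 GET /webshare/notes.txt 200
2004-03-01 09:26:00 10.0.0.35 CORP\\bob 80 PUT /webshare/plan.doc 403
"""


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))


def edit_cycles(text):
    """Pair each successful PUT with the same user's earlier GET of the same file."""
    opened = {}  # (user, uri) -> timestamp of the last successful GET
    cycles, puts_without_get, denied_puts = [], [], []
    for r in parse_w3c(text):
        key = (r["cs-username"], r["cs-uri-stem"])
        ok = r["sc-status"].startswith("2")
        stamp = r["date"] + " " + r["time"]
        if r["cs-method"] == "GET" and ok:
            opened[key] = stamp                 # file copied to the client cache
        elif r["cs-method"] == "PUT":
            if not ok:
                denied_puts.append(key)         # write attempt the server refused
            elif key in opened:
                cycles.append((*key, opened.pop(key), stamp))  # open -> save
            else:
                puts_without_get.append(key)    # upload with no logged open
    return {"cycles": cycles, "puts_without_get": puts_without_get,
            "denied_puts": denied_puts, "still_open": sorted(opened)}


if __name__ == "__main__":
    for name, rows in edit_cycles(SAMPLE_LOG).items():
        print(name, rows)
```

A PUT with no preceding GET is normal for a new file, so treat that list as a review queue rather than an alert.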

WebDAV Advantages for EFS


In addition to standard Gets and Puts, WebDAV also controls file locking and maintains version control on files using a special set of properties that are saved along with the data in the file. A WebDAV client accesses these properties via GetProp and PostProp commands. Figure 17.12 shows the WebDAV properties of a file.

Figure 17.12. Properties of a file in a shared web folder.


Because WebDAV clients work on local copies of a file, they have a few advantages when working with encrypted files in an untrusted environment such as the Internet:


  • Encrypted file transfers.
    Using WebDAV, the client encrypts the file locally in the Temporary Internet Files cache and then transfers the encrypted file across the network to the server. This contrasts with SMB, where the data stream going across the wire is unencrypted.


  • "Trusted for Delegation" option not required.
    Using WebDAV, the client takes responsibility for file encryption, not the server. This means the server does not need the user's PKCS certificates and therefore does not need to be trusted for delegation. This relieves you of the chore of hardening the server against Trojan horse programs. Also, you will not see dozens or hundreds of user profiles proliferating in the Documents and Settings folder at the server.



Managing Encrypted File Transfer Over WebDAV


You