[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Windows encrypt on disk for execute nodes of jobfiles

Todd Tannenbaums presentation on "whats new" at the condor week in april
stated that on disk encryption was now available for Windows in version 6.6. I
have noted a thread on Windows EFS support. Is this was the presentation
referance was to?

I'm not Todd, but I'm pretty sure that he was referring to EFS support.

In either case how do you get it to work? I have added the encrypt execute
directory entry to the config file as suggested in the list thread but this
doesn't cause encryption on Windows 2000 where I am testing. The thread left the
discussion at that point. Is XP required?

No, Windows 2000 should work fine. Here's two things to check:

1. Verify that you've correctly spelled


in your config file, and that this setting is reflected on your execute machines.

2. While a job is running, if you can get an administrator shell started, you should find a hidden Desktop.ini file in the execute directory (the dir_#### directory underneath EXECUTE). The file should contain two lines:


if the file isn't there, or doesn't contain those two lines, check the starter log for error messages.

Assuming all goes well, you should be able to do a 'dir' on the execute directory, but attempting to read the contents of the files should fail with Access Denied. Only the person that created the execute directory (in this case, probably condor-reuse-vm1) should be able to successfully read any of the files.