2.5.2.2 Back Up or Restore an Encrypted File
Goal
Back up or restore an encrypted file by using the Encrypting File System Remote Protocol, as described in [MS-EFSR].
Context of Use
The file owner or the administrator on the file owner's behalf is creating a backup of an encrypted file.
Actors
Admin Tool: A Microsoft Management Console (MMC) component, which is used by the administrator to configure the storage on the server.
Admin Client: The Admin Client is the primary actor. The Admin Client is code that is running on the administrator's computer. The Admin Client implements client-side protocol components and consumes the storage services that are offered by the storage server. The Admin Client's interest is to correctly interpret, execute, and display the results of the commands that are issued by the administrator.
EFS service: The Encrypting File System (EFS) is the server-side implementation of the Encrypting File System Remote (EFSRPC) Protocol, as described in [MS-EFSR].
Stakeholders
Administrator: The administrator is the person who administers the storage. The administrator is interested in organizing the storage, granting access rights, and enforcing quota-based limits on the storage. The administrator is external to the Storage Services protocols and interacts with the Storage Services protocols through the Admin Client.
Preconditions
The administrator has backup operator permissions and has identified an encrypted file that needs to be backed up.
Main success scenario
Trigger: The administrator requests to create a backup of an encrypted file by using the Admin Tool.
1. The Admin Tool requests that the Admin Client establish a communication channel to the EFS service of the Storage Services protocols.
2. The Admin Client contacts the EFS service to create or restore the backup by using the methods EfsRpcOpenFileRaw, EfsRpcReadFileRaw, EfsRpcWriteFileRaw, and EfsRpcCloseFileRaw, as described in [MS-EFSR] sections 3.1.4.2.1, 3.1.4.2.2, 3.1.4.2.3, and 3.1.4.2.4.
3. For the backup request, the EFS service responds to the methods as described in [MS-EFSR] to create the backup of the requested file by sending the file to backup storage. For the restore request, the EFS service responds to the methods as described in [MS-EFSR] to restore the requested file by copying it from the backup.
Postcondition
The required creation of the backup or restoration of the requested file has finished successfully.
Extensions
If the communication channel for the Encrypting File System Remote (EFSRPC) Protocol cannot be established, or it becomes disconnected, the Admin Client attempts to establish a connection multiple times until it fails. The state of the backup of the encrypted file depends on when the connection failed.