CSOCurrent en:Persisting the Client Store across Terminal Server Sessions

From Cryptshare Documentation

Overview

The Client Store, usually located in `%APPDATA%\Pointsharp\Cryptshare for Outlook\client.store`, is used by Cryptshare for Outlook to store the verification token of each user/server combination. The existence and validity of this file ensure that a Cryptshare for Outlook user does not always have to perform a Verification.

In order to protect the contents of the file from unauthorized access, Cryptshare for Outlook utilises the Microsoft Data Protection API with the DataProtectionScope of CurrentUser. This means that the contents of the Client Store can only be unprotected by the same domain user who protected the contents of the file.

Due to how most commercial terminal server solutions work, it is quite common for a user's session to be located on a different physical server every time they log in. It is therefore crucial to have mechanisms in place that ensure user-specific data is available within the user's session, no matter which physical server the user is connected to. This is usually done by deploying Roaming User Profiles.

Data related to Cryptshare for Outlook

We recommend persisting the directory `%APPDATA%\Pointsharp\Cryptshare for Outlook` across sessions. This ensures that user-defined information such as name and phone number, as well as the transfer history, is available no matter where the user's session is located.

Data related to Microsoft DPAPI

The client.store file located in `%appdata%\Pointsharp\Cryptshare for Outlook\client.store` is only readable if the user's DPAPI keys are available. When a Roaming User Profile has been deployed, this happens automatically. Otherwise, it is your responsibility to make sure the keys are available across sessions. The keys are located in `%APPDATA%\Microsoft\Protect\{SID}`.

If the DPAPI keys are not properly persisted, Cryptshare for Outlook will throw the following error when attempting to read the contents of the Client Store:
Code = 170 Message = Can't read from the client store!
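
One way to verify that DPAPI keys actually follow the user between terminal servers, as an added example that is not part of the Cryptshare documentation or product. It writes a small DPAPI-protected canary file with the same `CurrentUser` scope on first run and tries to unprotect it in later sessions. Assumptions: Windows PowerShell 5.1, and a hypothetical canary path `%APPDATA%\DpapiCanary\canary.bin` that lies in a location persisted across sessions.

```powershell
# Added example: DPAPI persistence check for terminal server sessions.
# Assumption: $CanaryPath is hypothetical and must lie in a folder persisted across sessions.
param(
    [string]$CanaryPath = (Join-Path $env:APPDATA 'DpapiCanary\canary.bin')
)

Add-Type -AssemblyName System.Security   # provides ProtectedData on Windows PowerShell 5.1
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$sid   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# Paths named on this page
$store   = Join-Path $env:APPDATA 'Pointsharp\Cryptshare for Outlook\client.store'
$protect = Join-Path $env:APPDATA "Microsoft\Protect\$sid"

$keyFiles = @()
if (Test-Path -LiteralPath $protect) {
    # -Force: the files in this directory are hidden by default.
    $keyFiles = @(Get-ChildItem -LiteralPath $protect -Force -File)
}

if (Test-Path -LiteralPath $CanaryPath) {
    # A canary from an earlier session exists: it only decrypts if that session's keys are present.
    try {
        $blob = [System.IO.File]::ReadAllBytes($CanaryPath)
        [void][System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
        $canary = 'readable'
    } catch [System.Security.Cryptography.CryptographicException] {
        $canary = 'UNREADABLE (DPAPI keys from the earlier session are missing)'
    }
} else {
    # First run: protect a marker value with the current user's DPAPI keys.
    New-Item -ItemType Directory -Path (Split-Path $CanaryPath) -Force | Out-Null
    $plain = [System.Text.Encoding]::UTF8.GetBytes("canary $env:COMPUTERNAME")
    $blob  = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
    [System.IO.File]::WriteAllBytes($CanaryPath, $blob)
    $canary = 'created; run again in a session on another server'
}

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    ClientStoreExists = Test-Path -LiteralPath $store
    ProtectDirExists  = Test-Path -LiteralPath $protect
    KeyFileCount      = $keyFiles.Count
    Canary            = $canary
}
```

Run it as the affected user, once in a first session and again after logging in on a different server. A canary reported as unreadable means data protected in the first session cannot be unprotected in the second, which is the condition behind error 170.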