Re: EFS Certificate

From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
Date: Fri, 6 Oct 2006 16:11:05 -0500

In article <E2E203C3-6EDD-40DA-8267-171927431D50@xxxxxxxxxxxxx>, JX@xxxxxxxxxxxxxxxxxxxxxxxxx
says...

Hi all,

I am in a midst of a small migration. We have w2k deployed and PKI. Uers
are using certs for EFS. I know migrating these uses to new w2k3 forest will
break the EFS encryption, but i wanted to know if users can still use their
certificate in the local store to decrypt the files / folders etc after they
move to the new w2k3 forest.

thanks all,
Jason

It would be best to look at the ADMT, I believe that it has methods for migrating the
certificates. Alternatively, look at exporting the EFS certificates to a PKCS#12 and then
reimporting them to the new user profiles.
The key is getting the certificates into the new user profiles so taht the user can open the
previously encrypted files.
Brian
.

Prev by Date: Re: Local system and user account - registry
Next by Date: Re: Local system and user account - registry
Previous by thread: Please advise on how to I can handle guests, volunteer accounts in my public institution
Next by thread: Re: EFS Certificate
Index(es):
- Date
- Thread

Relevant Pages

Re: Recovery Agent configured in GPO, but cannot see it in Encrypt
... details as that rsop.msc shows the computer displays the RA, the certificates ... EFS enabled, ... Group Policy settings can be forced to refresh ... because of domain Group Policy configuration you may have a problem with DNS ...
(microsoft.public.windowsxp.security_admin)
RE: Users and Groups Migration
... I understand that you want to know the result if migrating the users with ... are included in the user profiles, then we can use ADMT to migrate them. ... Microsoft Online Partner Support ...
(microsoft.public.windows.server.migration)
Re: XP on NT Domain Migrating local profiles to 2003 AD with ADMT 3.0
... Service account migration ... | Local profiles contain the desktop state and user data for users in the ... Migrate local user profiles for a batch of users immediately after ... | migrating the batch of users, and before the users log on to the target ...
(microsoft.public.windows.server.migration)
RE: Credential Roaming + EFS - how to cleanup user certificates ?
... Reason being that 25 certificates existed for that user which was too much ... we found that almost all users have multiple EFS ... Credential roaming is enabled and EFS is used for Offline files for all ... We are wondering if the EFS certificate template settings are correct. ...
(microsoft.public.security)
RE: Credential Roaming + EFS - how to cleanup user certificates ?
... Reason being that 25 certificates existed for that user which was too much ... we found that almost all users have multiple EFS ... Credential roaming is enabled and EFS is used for Offline files for all ... We are wondering if the EFS certificate template settings are correct. ...
(microsoft.public.security)