Re: folder Advanced properties, EFS

From: Robert Gu [MS] (robertg@online.microsoft.com)
Date: 07/01/02 

From: "Robert Gu [MS]" <robertg@online.microsoft.com>
Date: Mon, 1 Jul 2002 10:31:41 -0700

Are the users running in admin or not? If not, you can try to ACL the
encrypted folder so that user has no write data and attribute permission to
the folder.

User need the following permission to remove the folder encryption
attribute,

FILE_READ_DATA | FILE_WRITE_DATA | FILE_READ_ATTRIBUTES |
FILE_WRITE_ATTRIBUTES

In Win2K, user also needs the key to decrypt the folder. The admin could
encrypt the folder and set ACL to disallow user to delete the folder. 

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Robert Gu [MS Security Developer]
"Ondrej Fousek" <ofousek@centrum.cz> wrote in message
news:13d1601c2210f$8a83ba70$9ae62ecf@tkmsftngxa02...
> Our users are domain-based but they use notebooks and work
> in the wild. We want to protect specific folders on their
> notebooks with EFS and to eliminate the possibility of
> intentional or mistaken switching off EFS on these folders.
>
> Our admins offered us to enforce this with start-up and
> shutdown scripts. It seems not to be 100% solution.
>
> Is there any way to permanently disable
> file/folder "Encrypt contents to secure data" option for
> Users?
>
> Thanks.
> Andy
>
> >-----Original Message-----
> >Can you explain more in detail? What is the goal?
> >
> >--
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >
> >Robert Gu [MS Security Developer]
> >"Ondrej Fousek" <ofousek@centrum.cz> wrote in message
> >news:f7b801c21ebe$f44f6a60$95e62ecf@tkmsftngxs02...
> >> Hello all,
> >> thanks MS for the answer to my last problem.
> >> Today we found a new challenge - we need to disable
> users`
> >> possibility to switch off EFS on their domain
> workstations
> >> (it resides in folder Properties - General - Advanced).
> >>
> >> Has anybody a solution or a hint?
> >>
> >> Thanks
> >> Andy
> >
> >
> >.
> >

Relevant Pages

  • Re: Enable "Encrypt contents to secure data" option in Windows Exp
    ... option available during install). ... to green for the folder and file names, ... Select the folder you wish to encrypt. ... In order for this option to work in Microsoft Windows XP home you must ...
    (microsoft.public.windowsxp.general)
  • Re: Sharing Folders using EFS in XP Pro
    ... someone else (who isn't a Microsoft employee) on the newsgroup can. ... >> files in the "Shared Documents" folder. ... >> to encrypt the folder, but only the user that encrypts it ... > folder in Windows XP. ...
    (microsoft.public.windowsxp.security_admin)
  • Securing your Windows computer from data theft
    ... The problem is that when Windows is reinstalled on ... What you merely do is select a folder in the Windows Explorer and then ... because you want to encrypt all the files in the folder right away. ... folder to the USB flash disk it's unencrypted on the flash disk and can be ...
    (alt.privacy)
  • Re: Securing your Windows computer from data theft
    ... > can now seen by the person who reinstalled Windows ... > What you merely do is select a folder in the Windows Explorer and then ... > because you want to encrypt all the files in the folder right away. ... > folder to the USB flash disk it's unencrypted on the flash disk and can be ...
    (alt.privacy)
  • Re: please help!!!!!!
    ... > locked down admin user account that runs only one app. ... > all the files assoicated with this app is in a folder. ... Could you encrypt the folder, is this what you are after. ... If you encrypt the folder as the admin, only he will have access to it, even ...
    (microsoft.public.windowsxp.security_admin)