Re: EFS and multiple users

From: Miha Pihler (miha.pihler_at_Atlantis-N0Spam.si)
Date: 07/25/03


Date: Fri, 25 Jul 2003 23:47:27 +0200


I skipped a few questions... Here are the answers:

> 1.If I delete the certificate and private key after I exported it, can the
> users still read and write the documents?

I am not sure if I understand this. Let's say I encrypted some files. Now you
export my keys and erase them from my PC. I won't be able to access the
files any more (I don't have the key any more)... But if you give them back
to me ... then I would again be able to read and write to them ...

> 2.Most of the users have their documents on their pc's, is it better to have
> their docu's on a server, and if it is so will the bandwidth play a role(we
> run 100mbps on a switch).Or should I just implement EFS on every pc.

Let's say I encrypt a file on my PC. Now I have to copy it to the server
(because of e.g. backup). First the file will decrypt on my PC and will be sent
unencrypted over the network to the file server, where it will be encrypted
or not -- depending on whether the destination folder has encryption turned on
or off. Files will usually inherit parent folder settings (permissions, EFS
or compression settings). There are a few rules and/or exceptions to this ...
No, bandwidth would not be a problem. Personally I would do this on the server
because I would still want to back up these files on tape just in case. Since
you need to encrypt them they must be important, so I guess backup is a must.
If you also need to secure data transfers on the network (when e.g. copying
files and folders from clients to servers) you can use built-in IPSec (Win2K
or higher can support this via policies). This will put more stress mainly
on the file server, and also on the network and clients. Clients and network
should not be a problem, but the server, well, it depends on hardware
configuration, number of users...

Mike

"Jerry Robles de Medina" <jerry@jerryroblesdemedina.com> wrote in message
news:eFctFBuUDHA.2004@TK2MSFTNGP11.phx.gbl...
> Thanks Mike,
>
> The files I am talking about are Word and Excel documents.So I can implement
> EFS on that shared folder on the server and the users will be able to open
> and modify their documents, but they cannot copy their documents on a floppy
> and read it at home.Am I right?Because that is the purpose.
>
> I still have some questions that I hope you or someone else can help me
> with.
> 1.If I delete the certificate and private key after I exported it, can the
> users still read and write the documents?
> 2.Most of the users have their documents on their pc's, is it better to have
> their docu's on a server, and if it is so will the bandwidth play a role(we
> run 100mbps on a switch).Or should I just implement EFS on every pc.
> Thanks again for the time.
> Jerry
>
>
>
> "Miha Pihler" <miha.pihler@Atlantis-N0Spam.si> wrote in message
> news:ecleNTtUDHA.2248@TK2MSFTNGP12.phx.gbl...
> > On Win2K only the user that encrypts e-mail can open and edit it (unless
> > someone else has the private key with which files/folders were encrypted).
> > Anyone else will get an error...
> >
> > You would probably be better off with NTFS permissions (but you didn't
> > give enough information to tell for sure.).
> >
> > NTFS and EFS is much better implemented at per folder level than at file
> > level (it gets too messy if there are a lot of files in a folder...)...
> >
> > Also if you use EFS to encrypt (other users CAN'T see the content of the
> > file) but other users that have read and write permission on the file will
> > be able to delete the file so EFS does not protect you from users erasing
> > other users' files. You have to take care of this with NTFS.
> >
> > --
> > Mike
> > MCSA 2K, MCSE 2K, MCT, ...
> >
> > "Jerry Robles de Medina" <jerry@jerryroblesdemedina.com> wrote in message
> > news:u$RJaOtUDHA.1872@TK2MSFTNGP12.phx.gbl...
> > > Hi,
> > > I would like to implement EFS on a folder on my Windows 2000 SP2 server
> > > with AD.All my clients are also Windows 2000 Pro SP2.
> > > This folder contains shared files used by all of the users, but I want
> > > to implement some security and thought EFS was right for it.Will I get
> > > problems if my users will try to open and write to those files, or
> > > should I be looking for something else.
> > >
> > > Thanks,
> > >
> > > Jerry
> > >
> > >
> >
> >
>
>
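
The reply above says a file copied to a server ends up encrypted or not depending on the destination folder's setting. The following PowerShell check is an added example, not part of the original thread: it lists files whose EFS attribute differs from their parent folder's. It assumes a current Windows system with PowerShell 3.0 or later, and the folder path is a hypothetical placeholder.

```powershell
# Added example (not from the thread): list files whose EFS state differs
# from their parent folder's, e.g. plaintext files inside an encrypted folder.
param(
    [string]$Root = 'D:\Shares\Documents'   # hypothetical path, replace with your own
)

function Test-EfsEncrypted {
    param([System.IO.FileSystemInfo]$Item)
    # NTFS marks EFS-encrypted items with the Encrypted file attribute.
    $Item.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted)
}

function Get-EfsMismatch {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $parentEncrypted = Test-EfsEncrypted $_.Directory
            $fileEncrypted   = Test-EfsEncrypted $_
            if ($parentEncrypted -ne $fileEncrypted) {
                [pscustomobject]@{
                    File            = $_.FullName
                    FileEncrypted   = $fileEncrypted
                    ParentEncrypted = $parentEncrypted
                    LastWriteTime   = $_.LastWriteTime
                }
            }
        }
}

if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
    Write-Error "Folder not found: $Root"
    return
}

$mismatches = @(Get-EfsMismatch -Path $Root)
if ($mismatches.Count -eq 0) {
    Write-Output "Every file under $Root matches its parent folder's EFS setting."
} else {
    # Plaintext files in encrypted folders sort first: they are the exposure.
    $mismatches | Sort-Object FileEncrypted, File | Format-Table -AutoSize
}
```

Run it on the file server against the local path of the share, under an account that can enumerate the tree; it reads attributes only and never opens file contents.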


