Re: Question on EFS...

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/27/04

  • Next message: Sherman H.: "Patch Management" 
    Date: Mon, 27 Sep 2004 01:21:07 GMT

    You can not share EFS encrypted files with other users in Windows 2000. That
    was a feature added to XP Pro. Note that it is possible to have more than
    one user decrypt a file as the recovery agent can also decrypt it. Windows
    2000 requires a RA while XP Pro does not. --- Steve

    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    -- explains how to share EFS files in XP Pro/W2003 and a lot more.

    "Patrick Saunders" <psaunder@comcen.com.au> wrote in message
    news:7bfe00fe.0409261656.6e60fb5d@posting.google.com...
    > Hi,
    > I am studying to do my first MS exam, for 70-290.
    > I have a question from the Syngres 70-290 book that I don't
    > understand.
    > From Chapter 5, question 14 Self Test:
    >
    > ========
    > 14. You have an encrypted file that you want to share with another
    > user,William.The file is stored on your local Windows 2000
    > computer.You create a share on your computer,and give William share
    > and NTFS permissions to the folder where the file is located.
    > How will you prepare the file with EFS so that only the recipient can
    > access the contents of the file?
    >
    > A. Open a command prompt and encrypt the file using cipher /e /u
    > username filename.
    >
    > B. Open a command prompt and encrypt the file using cipher /e
    > /x:outputfile filename.
    >
    > C. Open the Properties window of the file, click Advanced, select the
    > Encrypt this file check box, click Details, and then add William to
    > the list of users who can decrypt the file.
    >
    > D. You cannot do this with EFS.
    > ==========
    >
    > The correct answer is D.
    >
    > According to Microsoft articles on technet, it says you can only add
    > certificates for users that are
    > A)in Domain ,
    > B)On local machine.
    > Is this correct?
    >
    > OR, is it due to the added functionality in explorer for EFS in
    > Windows XP that did not exist in Win 2000 ??
    >
    > I would apppreciate if someone can clarrify this!
    >
    > Thanks in advance,
    >
    > Patrick.

  • Next message: Sherman H.: "Patch Management"

    Relevant Pages

    • Re: EFS Certificate Needed
      ... a backup and restore of an EFS ... not load some of them because the encrypted files were still present. ... Foe sure I will follow "Windows Recommendations". ... that recovery agent will only have ...
      (microsoft.public.security)
    • Re: EFS Certificate Needed
      ... a backup and restore of an EFS ... not load some of them because the encrypted files were still present. ... Foe sure I will follow "Windows Recommendations". ... that recovery agent will only have ...
      (microsoft.public.security)
    • Re: Login to other user profile..
      ... You possibly could if the user's EFS private key is still on the computer ... Windows XP Pro does not require a Recovery ... to access the files but you could logon as admin, ...
      (microsoft.public.windows.group_policy)
    • Re: Login to other user profile..
      ... > You possibly could if the user's EFS private key is still on the computer ... Windows XP Pro does not require a Recovery ... > able to access the files but you could logon as admin, ...
      (microsoft.public.windows.group_policy)
    • Re: CANNOT EFS DECRYPT AFTER A GHOST RESTORE
      ... You did not follow the best practices of EFS. ... in Windows Server 2003, in Windows 2000, and in Windows XP ... Using Efsinfo.exe to determine information about encrypted files ... ever run into an issue where restoring the partition did ...
      (microsoft.public.windowsxp.security_admin)