Re: EFS activation

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/14/05


Date: Sat, 13 Aug 2005 23:21:52 -0500

By default they should already be able to use EFS unless you restricted it
with Group Policy or a registry mod on those computers. XP Pro computers do
not require an RA. Be very careful with EFS and be sure to follow best
practices. If the users are already using it and have no RA then their
currently encrypted files will stay without a CA until they open them after
a point in time when new Group Policy is in effect that dictates the RA.
Also keep in mind that as long as the user's EFS private key is on their
computer, their EFS is only as strong as their user password. The first link
below shows how EFS is disabled and enabled in XP Pro. I would also
encourage users to back up their EFS private key and to keep it separate from
their computer. --- Steve

http://www.petri.co.il/disable_efs_in_windows_xp_2003.htm
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS best practices

"Cezar" <Cezar@discussions.microsoft.com> wrote in message
news:D6202894-BC82-4E9D-AF7A-EEE433880236@microsoft.com...
> hi all!
>
> I have some laptops and I want to activate EFS on all of them.
> Can I do this from Group Policy without physical access?
>
> These laptops access the network occasionally, when I need to install
> software or ...errors.
> I created GP rules for security, software restriction policy ...and they
> were successfully applied.
>
> I don't want to create a Certificates server, only the domain administrator
> is RA.
>
>
> 10x
> Cezar


