Re: EFS activation

From: Steven L Umbach (
Date: 08/14/05

Date: Sat, 13 Aug 2005 23:21:52 -0500

By default they should all ready be able to use EFS unless you restricted it
with Group Policy or a registry mod on those computers. XP Pro computer do
not require a RA. Be very careful with EFS and be sure to follow best
practices. If the users are already using it and have no RA then their
currently encrypted files will stay without a CA until they open them after
a point in time when new Group Policy is in effect that dictates the RA.
Also keep in mind as long as the users EFS private key is on their computer
their EFS is only as strong as their user password. The first link below
shows how EFS is disabled and enabled for EFS in XP Pro. I would also
encourage users to backup their EFS private key and to keep it separate from
their computer. --- Steve;EN-US;223316 --- EFS
best practices

"Cezar" <> wrote in message
> hi all!
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
> This laptops access network occasionally, when I need to install software
> or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
> I don't want to create an Certificates server, only domain administrator
> is
> RA.
> 10x
> Cezar