Re: Implementing EFS for select users
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: Wed, 26 Oct 2005 12:59:38 -0500
It depends on if the workstations are Windows 2000 or XP Pro. For Windows
2000 you need to create a policy with an empty list of Recovery Agents for
the computers you want to disable it on and for Windows XP you need to
uncheck the box that allows EFS to be used. What you could do is disable it
on all computers at the domain level via Group Policy and then add the four
computers you want it enabled on into their own OU with a GPO linked to it
and configured where they will have it enabled. The links below explain more
on how to do this with Group Policy. Be VERY careful with EFS as it is easy
to lose permanent access to your data if best practices are not followed
such as using a Recovery Agent and having users baking up their EFS
certificate AND private key to password protected .pfx files. Note that you
can manage EFS by computer - not user. --- Steve
Group Policy EFS for Windows 2000
http://www.petri.co.il/disable_efs_in_windows_xp_2003.htm --- Group Policy
EFS Windows XP/2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
"CYACOMINI (ILG)" <CYACOMINIILG@discussions.microsoft.com> wrote in message
> Hello - here's a good one..
> We have our finance team and their workstations located on the same floor
> a 3rd party company. As a result, we want to apply EFS to the finance
> workstations which connect to our banks etc. Problem is, I can't seem to
> it all out !
> To explain, we have a total of 50 workstations in the finance team - only
> of which we want to apply EFS to (select folders). These machines are all
> Active Directory and are used by multiple users at different times.
> Can anyone explain what i should be doing here, or even point me in the
> right direction ? I've got the Microsoft guides but they just dont seem to
> help - keep getting errors about the selected users not having the
> appropriate certificates.
> thanks in advance !