Re: Implementing EFS for select users
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/27/05
Date: Wed, 26 Oct 2005 23:00:55 -0700
Just a note as precaution, if the workaround outlined is followed . . .
be sure that the accounts into which the common EFS cert/key is
being imported do not have any pre-existing EFS encrypted files.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4

"Pat Hoffer [MSFT]" <pathoff@online.microsoft.com> wrote in message
news:94D6058F-B24E-4CF1-BC88-F7CFBDA6E929@microsoft.com...
> It sounds like you want to encrypt common folders that are stored locally on
> these machines and allow access to them by selected domain users who log onto
> those machines. If that's the case, you would need to add each user's EFS
> certificate to each file, and EFS in Windows 2000 cannot do that. (EFS in
> Windows XP has a UI for adding users to encrypted files.)
>
> If this would be acceptable to your situation, a workaround is to share the
> same EFS certificate and key between users. Log onto the workstation as the
> user who encrypted the files and back up (export) the EFS certificate and key
> from his profile to a .pfx file. Have the other users log onto the same
> machine and import that certificate/key into their profiles (just run the
> .pfx file). Anyone who has that certificate and key and NTFS permissions to
> the files will be able to open the files. For that reason, be sure to keep
> the .pfx file private.
>
> If this would work for you, steps for backing up the certificate and key are
> at
> http://www.microsoft.com/windows2000/techinfo/planning/security/efssteps.asp.
> Look for "To back up your encryption certificate and private key."
>
> Thanks.
> Pat
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "CYACOMINI (ILG)" wrote:
>
>> Hello - here's a good one..
>>
>> We have our finance team and their workstations located on the same floor as
>> a 3rd party company. As a result, we want to apply EFS to the finance
>> workstations which connect to our banks etc. Problem is, I can't seem to work
>> it all out !
>>
>> To explain, we have a total of 50 workstations in the finance team - only 4
>> of which we want to apply EFS to (select folders). These machines are all in
>> Active Directory and are used by multiple users at different times.
>>
>> Can anyone explain what I should be doing here, or even point me in the
>> right direction ? I've got the Microsoft guides but they just don't seem to
>> help - keep getting errors about the selected users not having the
>> appropriate certificates.
>>
>> thanks in advance !
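
The precaution at the top of this message can be checked before the shared .pfx is imported. The script below is an added example, not part of the original thread: it is run as the receiving user and reports files that already carry the NTFS Encrypted attribute, plus any EFS certificates already in that user's personal store. It assumes PowerShell 3.0 or later (newer than the Windows 2000 machines discussed); the function name and default scan root are hypothetical.

```powershell
# Added example: pre-import check for the account that will receive the shared EFS .pfx.
# Run as that user. Function name and default scan root are assumptions.
function Test-EfsImportPrecondition {
    param(
        # Folders to scan; add local data folders or drives as needed
        [string[]]$Root = @($env:USERPROFILE)
    )

    # Files that already carry the NTFS Encrypted attribute
    $scan = @{
        Path        = $Root
        Recurse     = $true
        Force       = $true          # include hidden and system items
        Attributes  = 'Encrypted'
        ErrorAction = 'SilentlyContinue'
    }
    $encrypted = @(Get-ChildItem @scan | Where-Object { -not $_.PSIsContainer })

    # Certificates in the personal store with the EFS EKU and a private key
    $efsOid   = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System
    $efsCerts = @(Get-ChildItem -Path Cert:\CurrentUser\My |
                  Where-Object { $_.HasPrivateKey -and
                                 ($_.EnhancedKeyUsageList.ObjectId -contains $efsOid) })

    # SafeToImport follows the precaution in the thread: no pre-existing encrypted files.
    # Existing EFS certificate thumbprints are reported for review only.
    [pscustomobject]@{
        User            = "$env:USERDOMAIN\$env:USERNAME"
        EncryptedFiles  = $encrypted.FullName
        ExistingEfsCert = $efsCerts.Thumbprint
        SafeToImport    = ($encrypted.Count -eq 0)
    }
}

$result = Test-EfsImportPrecondition
$result | Format-List
if (-not $result.SafeToImport) {
    Write-Warning 'Pre-existing EFS-encrypted files found; resolve these before importing the shared certificate.'
}
```

Files encrypted by other accounts under the scanned folders are also listed, since the attribute alone does not say whose key protects them.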