Re: Implementing EFS for select users

From: ILG (CYACOMINIILG_at_discussions.microsoft.com)
Date: 10/27/05

    Date: Thu, 27 Oct 2005 03:53:02 -0700
    
    

    Well, many thanks for your support on this one - I'm setting up a test machine
    just now so I'll give it a shot and see what happens. Fingers crossed, eh!

    "Roger Abell [MVP]" wrote:

    > Just a note as precaution, if the workaround outlined is followed . . .
    > be sure that the accounts into which the common EFS cert/key is
    > being imported do not have any pre-existing EFS encrypted files.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Server : Security)
    > MCDBA, MCSE W2k3+W2k+Nt4
    > "Pat Hoffer [MSFT]" <pathoff@online.microsoft.com> wrote in message
    > news:94D6058F-B24E-4CF1-BC88-F7CFBDA6E929@microsoft.com...
    > > It sounds like you want to encrypt common folders that are stored locally on
    > > these machines and allow access to them by selected domain users who log onto
    > > those machines. If that's the case, you would need to add each user's EFS
    > > certificate to each file, and EFS in Windows 2000 cannot do that. (EFS in
    > > Windows XP has a UI for adding users to encrypted files.)
    > >
    > > If this would be acceptable to your situation, a workaround is to share the
    > > same EFS certificate and key between users. Log onto the workstation as the
    > > user who encrypted the files and back up (export) the EFS certificate and key
    > > from his profile to a .pfx file. Have the other users log onto the same
    > > machine and import that certificate/key into their profiles (just run the
    > > .pfx file). Anyone who has that certificate and key and NTFS permissions to
    > > the files will be able to open the files. For that reason, be sure to keep
    > > the .pfx file private.
    > >
    > > If this would work for you, steps for backing up the certificate and key are at
    > > http://www.microsoft.com/windows2000/techinfo/planning/security/efssteps.asp.
    > > Look for "To back up your encryption certificate and private key."
    > >
    > > Thanks.
    > > Pat
    > > --
    > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > >
    > >
    > > "CYACOMINI (ILG)" wrote:
    > >
    > >> Hello - here's a good one..
    > >>
    > >> We have our finance team and their workstations located on the same floor as
    > >> a 3rd party company. As a result, we want to apply EFS to the finance
    > >> workstations which connect to our banks etc. Problem is, I can't seem to work
    > >> it all out!
    > >>
    > >> To explain, we have a total of 50 workstations in the finance team - only 4
    > >> of which we want to apply EFS to (select folders). These machines are all in
    > >> Active Directory and are used by multiple users at different times.
    > >>
    > >> Can anyone explain what I should be doing here, or even point me in the
    > >> right direction? I've got the Microsoft guides but they just don't seem to
    > >> help - keep getting errors about the selected users not having the
    > >> appropriate certificates.
    > >>
    > >> Thanks in advance!
    > >>
    > >>
    >
    >
    >
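
The precaution quoted above (no pre-existing EFS encrypted files in an account before the shared certificate/key is imported) can be checked per account before the import. This is an added example, not part of the original thread; it assumes a Windows version that ships PowerShell (newer than the systems discussed here), and the default scan path is an assumption to adjust.

```powershell
# Read-only pre-import check. Run while logged on as the user who is about
# to import the shared EFS .pfx. It changes no files, keys or certificates.
param(
    # Folders to scan. Defaulting to the user's profile is an assumption;
    # add any local data folders the account can write to.
    [string[]]$Path = @($env:USERPROFILE)
)

$efsOid  = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# 1. Certificates already in this user's personal store that have a
#    private key and list the EFS enhanced key usage.
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        Where-Object { $_.Value -eq $efsOid })
})

# 2. Files and folders that already carry the NTFS Encrypted attribute.
$encrypted = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted })

"Existing EFS certificates with private key: $($efsCerts.Count)"
$efsCerts | Select-Object Thumbprint, Subject, NotAfter | Format-Table -AutoSize

"Items already EFS-encrypted under $($Path -join ', '): $($encrypted.Count)"
$encrypted | Select-Object -ExpandProperty FullName

if ($efsCerts.Count -or $encrypted.Count) {
    Write-Warning 'This account already has EFS material. Resolve it before importing the shared .pfx.'
    exit 1
}
'No existing EFS certificates or encrypted items found for this account.'
```

A non-zero exit code means the account is not a clean target for the shared key and should be reviewed by hand before the import.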

