Re: Creating CA and self-signed cert for EFS recovery
- From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
- Date: Sat, 21 Jul 2007 20:15:30 -0700
Have these files already been encrypted by EFS? If so, then setting up a CA after-the-fact won't give you the ability recover those files. They'd have to be decrypted then re-encrypted after you get the CA set up and all clients switched over to using the EFS certificates it issues.
Or, if you're looking to deploy EFS the right way before users begin encrypting anything, allow me to point you to the recently-released Data Encryption Toolkit for Mobile PCs. The guidance and tool here will make EFS much easier for you.
http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/default.mspx
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Bill Hobson" <Ih8spamwjh2@xxxxxxxxxxxxxx> wrote in message news:uHuFj6gyHHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
Sigh! When trying to discover a Step-by-Step (even in the so called Step-by-Step section of Technet) method of setting up a simple (oxymoron?) configuration of a CA and self-signed certificate for the sole purpose of being able to recover EFS encrypted files and folders, I struck out..
Can anyone point me to some material on how to set this up? Our environment is Windows 2003 servers (will make DC a CA for this purpose) and all machines with EFS will belong to the domain where the CA exists.
- Follow-Ups:
- Re: Creating CA and self-signed cert for EFS recovery
- From: Bill Hobson
- Re: Creating CA and self-signed cert for EFS recovery
- References:
- Creating CA and self-signed cert for EFS recovery
- From: Bill Hobson
- Creating CA and self-signed cert for EFS recovery
- Prev by Date: Re: NT4 password limited to 14 characters ?
- Next by Date: Re: How to force User log off when time expires?
- Previous by thread: Creating CA and self-signed cert for EFS recovery
- Next by thread: Re: Creating CA and self-signed cert for EFS recovery
- Index(es):
Relevant Pages
|
