EFS on shared file server

From: "Lorenzo Soncini" <lorenzo.soncini@xxxxxxxxxxxxxxxxx>
Date: Fri, 23 May 2008 09:08:14 +0200

Hi,
I need to use EFS on a shared folder of my file server. For grant access to many people to the file in folder I have created many EFS Recovery Agent.
All work fine if I use a local file system, but on the file sever only the user who have encrypted the file can access to it and not the EFS Recovery agent.

Other question:
Is possible store the User Certificate for EFS on AD so if one user logon on different computer can always access encrypeted file?

The scenario:
In a company the Human Resource Office (HR) need EFS for the reservation of sensitive information about employees. But all the employees of the HRO need to access this information. Is not applicable the solution to manually add all user on the property of EFS in all encrypted file.

Thanks
Lorenzo Soncini

.

Follow-Ups:
- Re: EFS on shared file server
  - From: Roger Abell [MVP]

Prev by Date: Re: Retiring Certficate Authority
Next by Date: Re: Smart Card Logon RODC
Previous by thread: Re: Smart Card Logon RODC
Next by thread: Re: EFS on shared file server
Index(es):
- Date
- Thread

Relevant Pages

Re: EFS and multiple users
... EFS on that shared folder on the server and the users will be able to open ...
(microsoft.public.win2000.security)
EFS - Best way to share files in a workgroup?
... What I'd like to do is keep my EFS encrypted files ... on one machine in a shared folder so that other ... machines on the network can also use them. ... a workgroup network with all machines running ...
(microsoft.public.windowsxp.security_admin)
Re: EFS on shared file server
... GIving the recovery agent certificate and private key to users is about the worst/stupidest (seriously, give away the ability to open *any* EFS encrypted files!!!!) idea I have seen in some time. ... Now, with Windows Vista and WIndows Server 2008, the behavior of EFS changes. ... Is possible store the User Certificate for EFS on AD so if one user logon on different computer can always access encrypeted file? ...
(microsoft.public.windows.server.security)
Re: EFS on shared file server
... I need to use EFS on a shared folder of my file server. ... For grant access to many people to the file in folder I have created many EFS Recovery Agent. ... Is possible store the User Certificate for EFS on AD so if one user logon on different computer can always access encrypeted file? ...
(microsoft.public.windows.server.security)
Re: Securing corporate data
... > Wouldn't a policy that disallows copying from EFS to non-EFS help? ... > Microsoft can easily implement such a thing... ... > people, or disgruntled employees... ...
(microsoft.public.security)