Re: EFS on shared file server
- From: "Lorenzo Soncini" <lorenzo.soncini@xxxxxxxxxxxxxxxxx>
- Date: Sat, 24 May 2008 10:33:01 +0200
Is there some solution (not a manual solution) to share encrypted files with some users?
"Brian Komar (MVP)" <brian.komar.nospam@xxxxxxxxxxxxxxxxx> wrote in message news:OxjfNgPvIHA.4916@xxxxxxxxxxxxxxxxxxxxxxx
EFS is not designed for your solution.
It is user based, not group based.
Giving the recovery agent certificate and private key to users is about the worst/stupidest (seriously, give away the ability to open *any* EFS encrypted files!!!!) idea I have seen in some time.
Now, with Windows Vista and Windows Server 2008, the behavior of EFS changes.
You may be able to use remote EFS in this scenario with Credential Roaming Services.
But you would still have to individually add users and their certificates.
"Lorenzo Soncini" <lorenzo.soncini@xxxxxxxxxxxxxxxxx> wrote in message news:Oi%23%23jsOvIHA.5520@xxxxxxxxxxxxxxxxxxxxxxx
You tell me all correct things. I have read and know the official solution... but I have many files, and doing the work manually is hard work.
I think mine is a typical working scenario.
The only usable solution is to use the Recovery Agent.
If someone has other solutions....
"S. Pidgorny <MVP>" <slavickp@xxxxxxxxx> wrote in message news:e#Wjy4LvIHA.1936@xxxxxxxxxxxxxxxxxxxxxxx
EFS is for protecting local information. In your scenario, the file gets decrypted on the file server and sent to the client in clear, with no guarantee of any protection whatsoever (unless everybody in HR is using BitLocker). And because you're creating many recovery agents, the secrecy deteriorates while you have to manage recovery agents etcetera. Correct me if I'm incorrect but IT people also will have access to the information or the backup sets.
I would concentrate on protecting local access to the server console and maintaining the share ACLs.
Side note: MS guidelines for sharing access to EFS are in http://support.microsoft.com/kb/308991 (equally applies to Windows Server 2003)
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
"Lorenzo Soncini" <lorenzo.soncini@xxxxxxxxxxxxxxxxx> wrote in message news:%23FQjHPKvIHA.3384@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I need to use EFS on a shared folder of my file server. To grant many people access to the files in the folder I have created many EFS Recovery Agents.
All works fine if I use a local file system, but on the file server only the user who has encrypted the file can access it, and not the EFS Recovery Agent.
Is it possible to store the user certificate for EFS in AD so that if a user logs on to a different computer he can always access the encrypted files?
In a company the Human Resource Office (HR) needs EFS for the reservation of sensitive information about employees. But all the employees of the HRO need to access this information. The solution of manually adding all users in the EFS properties of every encrypted file is not applicable.