Re: Encrypting File System - EFS in Win XP

From: Mike Brannigan [MSFT] (mikebran_at_online.microsoft.com)
Date: 01/17/05


Date: Mon, 17 Jan 2005 16:30:52 -0000


"unicorn" <unicorn@discussions.microsoft.com> wrote in message
news:65B73F0D-1038-4713-8945-C2DED79FC4F1@microsoft.com...
> Thank you. I have another question which I think I need some assistance
> please.
>
> Support for multiple users on folders is not provided in Windows XP but EFS
> does support file sharing between multiple users on a single file.
>
> As a practical example for the above I used:
>
> This diverse from Windows XP because EFS states that the users who will be
> authorized to access the encrypted file must have EFS certificates. These
> certificates can be located in roaming profiles or in the user profiles on
> the computer on which the file to be shared is stored, or they can be stored
> in and retrieved from Active Directory.
>
> What do you think?

You do not have EFS encryption on a folder.
You may mark a folder as encrypted - you are actually just saying that all
files within that folder are to be encrypted individually. As you can see if
you look at the advanced attributes of an EFS "encrypted" folder the Details
button is greyed out so you cannot add any other users to the folder. EFS
functions at the file level.

I'm sorry I do not understand your question but the method by which EFS file
sharing is enabled and the locations of certificates etc is again all
covered in Chapter 17 of the Windows XP Resource Kit Documentation.

-- 
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups
> "Mike Brannigan [MSFT]" wrote:
>
>> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
>> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
>> > Hi,
>> >
>> > I need a practical example why the support for the use of groups on
>> > encrypted files is not provided by EFS.  I need these details to enrich my
>> > assignment.
>> >
>> > Thanks for your help.
>>
>> All covered in detail in Chapter 17 of the Windows XP Resource Kit
>> Documentation.
>> see
>> http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnb_efs_qutx.asp
>>
>>
>> Authorizing Multi-User Access to Encrypted Files
>> Users can share encrypted files with other local, domain, and trusted domain
>> users. Authorizing user access to encrypted files is a separate process from
>> sharing files for network access by using share-level security and access
>> control lists. Because there is no method to issue a certificate for a
>> group, only individual user accounts can be authorized for access to an
>> encrypted file. Groups cannot be authorized for access.
>>
>> You cannot issue a certificate to a group as certificates must be issued to
>> security principals that represent an object that authenticates to the
>> directory service (e.g. users or machines - not groups)
>>
>>
>> -- 
>>
>> Regards,
>>
>> Mike
>> --
>> Mike Brannigan [Microsoft]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights
>>
>> Please note I cannot respond to e-mailed questions, please use these
>> newsgroups