Re: Using EFS for laptops in a domain



I was not sure exactly what would happen so thanks for reporting back the
results though they were disappointing. Another good place to post EFS
questions is in the Microsoft.public.security.crypto newsgroup.

Steve


"Knox" <thorn99KILLCAPS@xxxxxxxxxxxxxxxxxxx> wrote in message
news:OZtLryezGHA.720@xxxxxxxxxxxxxxxxxxxxxxx
Well, I'm sorry to say that "disable EFS in a folder" is implemented in a
stupid way. I set up the file as suggested. I tried to encrypt a file
in the folder. It rejected the attempt and gave a good error message.
Good! But the real test is dragging an encrypted file into the folder. It
happily accepted the file with no problem. It remains encrypted and no
warnings are issued. You can access the file if you have the key
normally.

Oh well.


"Knox" <thorn99KILLCAPS@xxxxxxxxxxxxxxxxxxx> wrote in message
news:e$w3KsezGHA.2300@xxxxxxxxxxxxxxxxxxxxxxx
I much appreciate your reply. I had already searched the web for
disabling EFS and had not found anything. I'll give the folder disabling
a try and report back here how it works.

Do you ever see the problem of encrypted laptops wanting to share files
to servers? How do people generally handle this?

I'm backing up certificates and currently have two different users
assigned as recovery agents and I think I'll add a third. What are the
likely problems that might cause a user to not have access to his own
files? The only one I can think of is the user forgetting his password.

Thanks again,

Knox

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:evGdnXZG-_3uwmXZnZ2dnUVZ_t6dnZ2d@xxxxxxxxxxxxxx
The second link below shows how to disable EFS for a folder. I have
never tried it myself so you will need to test it to see if it works as you
want. Be very careful with EFS as it is not all that hard for users to
be denied access to their own files if there is not a good recovery
strategy in force.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1211361,00.html

If instead you want to prevent EFS on the folder level, you can create a
desktop.ini file in the folder. This file should contain the following
two lines:
[Encryption]
Disable=1

This will affect the folder itself and all its files. However, it does
not have any impact on its subfolders and their content.


"Knox" <thorn99KILLCAPS@xxxxxxxxxxxxxxxxxxx> wrote in message
news:Oz10uabzGHA.2076@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I'm planning on deploying EFS to laptops in our domain. I plan on
encrypting "my documents" and have been testing that configuration
myself. One annoying feature is that I create a document on my laptop
and now I want to share it by moving it to the network. Unfortunately,
when I drag it to the correct spot on the server, it is also encrypted
on the server.

I don't want to disable encryption on the server, but I would like to
disable it in certain folders. Or have the copy operation at least ask
the user what they want to do. I plan to expand the use of EFS on the
server instead of what the users do today, which is password protect
individual files in Word and Excel.

"Educating the user" sounds great, but I know if I keep forgetting to
decrypt the file once I put it on the server, that our standard users
will really be at a loss.

Any ideas?
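
Added example, not part of the original thread: because the desktop.ini setting only rejects new encryption attempts and still accepts files that arrive already encrypted, a periodic audit can list encrypted files sitting in folders where EFS is meant to be disabled. The share path and the function names below are assumptions made for illustration; since the setting does not apply to subfolders, each folder is checked against its own desktop.ini.

```powershell
# Added example. $Root is a hypothetical share path; change it before use.
param(
    [string]$Root = 'D:\Shares\Public'   # hypothetical path (assumption)
)

function Test-EfsDisabledFolder {
    # True when the folder's own desktop.ini has Disable=1 under [Encryption].
    param([string]$Folder)
    $ini = Join-Path $Folder 'desktop.ini'
    if (-not [IO.File]::Exists($ini)) { return $false }
    $section = ''
    foreach ($line in [IO.File]::ReadAllLines($ini)) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -ieq 'Encryption' -and $t -match '^Disable\s*=\s*1$') {
            return $true
        }
    }
    return $false
}

function Find-EncryptedInDisabledFolders {
    # Lists files that carry the Encrypted attribute inside folders whose
    # desktop.ini disables EFS (for example, files dragged in already encrypted).
    param([string]$Path)
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force)
    foreach ($dir in $folders) {
        # The setting is not inherited, so every folder is evaluated on its own.
        if (-not (Test-EfsDisabledFolder $dir.FullName)) { continue }
        Get-ChildItem -LiteralPath $dir.FullName -File -Force |
            Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::Encrypted) } |
            Select-Object FullName, Length, LastWriteTime
    }
}

Find-EncryptedInDisabledFolders -Path $Root
```

Run it on the file server itself or against a UNC path with an account that can enumerate the share; reading the Encrypted attribute does not require the file's EFS key.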








