Preventing use of EFS on certain shares

  • Preventing use of EFS on certain shares

    In a domain with a CA and EFS being used on local workstations, how would you go about allowing people to use EFS *ONLY* on their local machine and on SOME SPECIFIC File shares?

    I have found this: http://support.microsoft.com/kb/302093/en-us

    Which helps me only if the share is hosted on an actual Windows machine.

    And I know I can use a GPO to disable it on a per-computer basis, but the problem is, I want it to be enabled on every workstation... just not when they are on a particular share (well, a few of them).

    Is there a way, at a user level, to only grant usage of EFS on certain paths?

    Thank you
    Last edited by gepeto; 23rd April 2008, 15:44.
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

  • #2
    Re: Preventing use of EFS on certain shares

    Hi,

    This cannot be specific to any user as it's specific to the machine. That means if you disallow EFS on any box, that will be done for all the users.

    No luck to make it user specific as any user who has the rights to modify file and computer supports encryption.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.



    • #3
      Re: Preventing use of EFS on certain shares

      My wish would be a special NTFS permission to allow encryption, separate from Write. It would be included in "Full Control" or could be specifically given to a user... that would rock.

      Thanks for the answer.
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



      • #4
        Re: Preventing use of EFS on certain shares

        Well, I guess if I don't make my file servers trusted for delegation, the Kerberos ticket won't be forwarded properly and encryption will not work.

        I'll test that scenario. What do you think of the idea?
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



        • #5
          Re: Preventing use of EFS on certain shares

          No... It's not like that. Users will still be able to encrypt the data.

          Regards,
          Kapil Sharma
          ~~~~~~~~~~~~~
          Life is too short, Enjoy It.



          • #6
            Re: Preventing use of EFS on certain shares

            You have a computer policy to disallow the use of EFS.
            You can apply this policy to your file servers and filter it to users who are not allowed to use EFS.
            [Powershell]
            Start-DayDream
            Set-Location Malibu Beach
            Get-Drink
            Lay-Back
            Start-Sleep
            ....
            Wake-Up!
            Resume-Service
            Write-Warning
            [/Powershell]

            BLOG: Therealshrimp.blogspot.com
