EFS question

  • EFS question

    I am experimenting with EFS (2008 R2 with Win7 client, 2008 R2 AD), and have an encrypted folder set up within one of my file shares. I am able to access the file when logged in as the allowed AD user, and not allowed when logged in as an AD user that isn't listed on the encrypted -> advanced attribute section. However, when I attempted to export the certificate and import it into another user's personal store, that user was not able to access the file. The only way it worked is on the file server itself: importing the certificate with the private key did allow that user to access the file, but only locally on the file server, not remotely via the share. What I am trying to do is basically have one certificate that is used for the EFS protected folder, and be able to install that certificate to any user whom I want to grant access to the EFS protected share.

  • #2
    Re: EFS question

    EFS doesn't work that way -- you need to (as the owner of the file) add other users' certificates to the permissions. You also need to distribute certificates, so normally this involves ADCS being deployed.

    Ask yourself -- do you really need encryption -- 99% of the time the answer is NO
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **