Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Preventing Encryption in a W2K domain

Posted on 2003-11-27
5
Medium Priority
?
185 Views
Last Modified: 2013-12-04
I want to remove encryption abilities within my domain.
I understand I have to delete the default recovery agent certificate on the Domain Controller.
Are there any other steps I need to take.
I heard i need to set up an empty policy to ensure lower level  policies dont take precedence...does any one have more detail on this?

Also how do I change the CRL location?
0
Comment
Question by:mistaj
5 Comments
 
LVL 41

Accepted Solution

by:
graye earned 272 total points
ID: 9832979
First, you'd better make sure that there aren't any existing EFS-encrypted files on your PCs/servers!

Second, are you trying to prevent encryption on a group of servers (or all PCs throughout the domain)?  If it's just on file shares on a group of servers, you can disable the "the computer is trusted for delegation" option in the Security Policies.

Yep, it's considered "best practice" to delete the Encrypted Data Recovery Agents node, and then recreate an empty one in it's place.  This essentially elminates the use of a local policy.
0
 
LVL 6

Assisted Solution

by:Sebo2000
Sebo2000 earned 264 total points
ID: 9833351
If you
 delete the default recovery agent certificate on the Domain Controller.
Are there any other steps I need to take.
People will still be able to encrypt data on the local computers, to disable completly encryprion, in the domain, you have to edit domain policy and just remove Recovery agent ( default admin group) from the plicy, after they will log off and log back in they will not be able to encrypt files and folders even with local certifiacates..
Regards
sebo
0
 

Assisted Solution

by:VKatalov
VKatalov earned 264 total points
ID: 9956295

There is an answer in Microsoft Knowledbe Base:

HOW TO: Disable EFS for All Computers in a Windows 2000-Based Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;222022

Regards,
  Vladimir
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question