
Delegating Security - Access rights to Encrypted files for users / groups / OU in Win2k3~?!

How do I delegate rights for users to view encrypted files on a Win2K3 EFS share?  I gave a user and group full rights to a file that was encrypted, yet they cannot open it.  I have only been able to give them access when I make them a recovery agent for the file itself.  I was under the impression that EFS and ACLs are supposed to work in conjunction?  I am having the same issues when delegating rights on encrypted folders.

Any info or support docs would be appreciated~
jfexchange
Asked:
 
Dmitri Farafontov (Linux Systems Admin) Commented:
Unfortunately that is not possible. The EFS system uses the GUID of a user to form private/public key pairs. They are usually stored as part of profile settings. Furthermore, if you are part of an Active Directory domain structure, you can specify other users as Recovery Agents. However, I suppose you can manually export the keys and import them for targeted users.
 
jfexchange (Author) Commented:
So the only way to grant access to EFS files/folders is to make each individual user who needs access a recovery agent?
 
Dmitri Farafontov (Linux Systems Admin) Commented:
Basically yes, or you will have to manually import each user's private key and then re-import them under the users you wish to have access to encrypted files. You might want to consider a third-party solution, such as PGP Server. =)
 
jfexchange (Author) Commented:
Thanks Delta, I am not familiar with the PGP solution you are using, is that to expedite the import/export of certificates?
 
Dmitri Farafontov (Linux Systems Admin) Commented:
What happens with PGP Server: you have a central server which every employee in the organization uploads their key into. Basically it is a public/private keypair per employee. More about the product and options here:

http://www.pgp.com/products/
 
jfexchange (Author) Commented:
Thanks for the info, I have been looking into the product.  Still do not see how it works for a file share type scenario?
 
Dmitri Farafontov (Linux Systems Admin) Commented:
Basically users can share their keys through the server. With proper credentials they can be redistributed among the organization. Files are secured by public/private pairs. And you grant the authorizations to people to use those pairs on a central server.
 
jfexchange (Author) Commented:
I have been in contact with PGP sales, they don't have an out-of-the-box solution to do what I wanted, they are in the midst of designing a solution for me that will cover all the encryption aspects I was looking for.
 
Dmitri Farafontov (Linux Systems Admin) Commented:
Great to hear you are finally on the right track. Good luck on your endeavours with encryption =)