Solved

EFS (Encrypted File System) help!

Posted on 2006-07-07
Last Modified: 2011-09-20
I would like to automate the adding of user certificates to files once they are encrypted, but I am struggling to get anywhere.

Here is the scenario:

I have a program that finds certain files and uses EFS to encrypt them.  Most of these files are found on the network with multiple people having to be able to view/access them.  Once the file is encrypted, it only adds the certificate of the person that encrypted the file.  What I need is to be able to use a command line tool or some code to add the other users associated with this file.  Can this be done?  I have been looking at certutil and cipher command line tools and I don't see how to add users without going through the file properties in explorer.  The program itself is a VB6 app if that helps.  This is the last step of this project so any help would be appreciated.

PS - Is there a setting or something in the CA, Active Directory, etc that will automatically add the certificates of all individuals that have access to that file?  

Thanks in advance
Question by:tw_chase
Accepted Solution

by:Rich Rumble
ID: 17063488

Author Comment

by:tw_chase
ID: 17235649
Well, the above answer doesn't help.  I found an API called AddUsersToEncryptedFile that does it, but there is little about it on the internet.  I hired a third party to get involved to solve the issue but that is the route we are going.

Expert Comment

by:Rich Rumble
ID: 17241319
Because there is no method to issue a certificate for a group, only individual user accounts can be authorized for access to an encrypted file. Groups cannot be authorized for access.
I'm not sure if this matters, but there are 3rd party encryption tools that are easier to use and ultimately more secure. PGP and TrueCrypt spring to mind.
Perhaps there is a way to automate adding users as recovery agents... I'm not sure that a recovery agent has the ability to encrypt, but they can decrypt...
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsck_efs_lwqi.mspx
http://technet2.microsoft.com/WindowsServer/en/library/5ad01135-c289-4f64-8bf3-8c0de903a8b71033.mspx
http://support.microsoft.com/kb/887414
-rich
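
The AddUsersToEncryptedFile call named in the author's comment, shown as an added example that is not part of the original thread: a PowerShell wrapper that P/Invokes the Win32 function to add one user's certificate to a file that is already EFS-encrypted. The helper name `Add-EfsUser`, its parameters, and the assumption that each user's EFS certificate has been exported to a `.cer` file are illustrative and not taken from the posts.

```powershell
# Added example, not from the thread. Struct layouts follow winefs.h; Add-EfsUser is a hypothetical name.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
[StructLayout(LayoutKind.Sequential)] public struct EFS_CERTIFICATE_BLOB { public uint dwCertEncodingType; public uint cbData; public IntPtr pbData; }
[StructLayout(LayoutKind.Sequential)] public struct ENCRYPTION_CERTIFICATE { public uint cbTotalLength; public IntPtr pUserSid; public IntPtr pCertBlob; }
[StructLayout(LayoutKind.Sequential)] public struct ENCRYPTION_CERTIFICATE_LIST { public uint nUsers; public IntPtr pUsers; }
public static class EfsNative {
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    public static extern uint AddUsersToEncryptedFile(string lpFileName, IntPtr pEncryptionCertificates);
}
'@
function Add-EfsUser {
    param([string]$Path, [string]$Account, [string]$CerFile)
    $M = [Runtime.InteropServices.Marshal]
    # DER bytes of the user's EFS certificate, and the account's binary SID
    $der = (New-Object Security.Cryptography.X509Certificates.X509Certificate2 $CerFile).RawData
    $sid = (New-Object Security.Principal.NTAccount $Account).Translate([Security.Principal.SecurityIdentifier])
    $sidBytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($sidBytes, 0)
    $blob = New-Object EFS_CERTIFICATE_BLOB
    $cert = New-Object ENCRYPTION_CERTIFICATE
    $list = New-Object ENCRYPTION_CERTIFICATE_LIST
    # Unmanaged buffers: certificate bytes, SID, the three structs, and a one-entry pointer array
    $pDer  = $M::AllocHGlobal($der.Length)
    $pSid  = $M::AllocHGlobal($sidBytes.Length)
    $pBlob = $M::AllocHGlobal($M::SizeOf([type][EFS_CERTIFICATE_BLOB]))
    $pCert = $M::AllocHGlobal($M::SizeOf([type][ENCRYPTION_CERTIFICATE]))
    $pArr  = $M::AllocHGlobal([IntPtr]::Size)
    $pList = $M::AllocHGlobal($M::SizeOf([type][ENCRYPTION_CERTIFICATE_LIST]))
    try {
        $M::Copy($der, 0, $pDer, $der.Length)
        $M::Copy($sidBytes, 0, $pSid, $sidBytes.Length)
        $blob.dwCertEncodingType = 1; $blob.cbData = $der.Length; $blob.pbData = $pDer   # 1 = X509_ASN_ENCODING
        $M::StructureToPtr($blob, $pBlob, $false)
        $cert.cbTotalLength = $M::SizeOf([type][ENCRYPTION_CERTIFICATE]); $cert.pUserSid = $pSid; $cert.pCertBlob = $pBlob
        $M::StructureToPtr($cert, $pCert, $false)
        $M::WriteIntPtr($pArr, $pCert)        # pUsers points to an array of struct pointers
        $list.nUsers = 1; $list.pUsers = $pArr
        $M::StructureToPtr($list, $pList, $false)
        # The native call resolves relative paths against the process directory, so pass a full path
        $rc = [EfsNative]::AddUsersToEncryptedFile((Resolve-Path $Path).ProviderPath, $pList)
        if ($rc -ne 0) { throw (New-Object ComponentModel.Win32Exception ([int]$rc)) }
    } finally {
        $pDer, $pSid, $pBlob, $pCert, $pArr, $pList | ForEach-Object { $M::FreeHGlobal($_) }
    }
}
```

Call it once per additional account, running as a user who can already decrypt the file, since EFS has to unwrap the file encryption key before it can wrap it for the new certificate. A non-zero return is raised as a `Win32Exception` so a batch job can log which file and account failed.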