Solved

EFS (Encrypted File System) help!

Posted on 2006-07-07
5
497 Views
Last Modified: 2011-09-20
I would like to automate the adding of user certificates to files once it is encrypted but I am struggling getting anywhere.  

Here is the scenario:

I have a program that finds certain files and uses EFS to encrypt them.  Most of these files are found on the network with multiple people having to be able to view/access them.  Once the file is encrypted, it only adds the certificate of the person that encrypted the file.  What I need is to be able to use a command line tool or some code to add the other users associated with this file.  Can this be done?  I have been looking at certutil and cipher command line tools and I don't see how to add users without going through the file properties in explorer.  The program itself is a VB6 app if that helps.  This is the last step of this project so any help would be appreciated.

PS - Is there a setting or something in the CA, Active Directory, etc that will automatically add the certificates of all individuals that have access to that file?  

Thanks in advance
0
Comment
Question by:tw_chase
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17063488
0
 

Author Comment

by:tw_chase
ID: 17235649
Well the above answer doesn't help.  I found a API called AddUsersToEncryptedFile that does it but there is little about it on the internet.  I hired a thrid party to get involved to solve the issue but that is the route we are going.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17241319
Because there is no method to issue a certificate for a group, only individual user accounts can be authorized for access to an encrypted file. Groups cannot be authorized for access.
I'm not sure if this matters, but there are 3rd party encryption tools that are easier to use and ultimately more secure. PGP, and TrueCrypt spring to mind.
Perhaps there is a way to automate adding users as recovery agents... I'm not sure that a recovery agent has the ability to encrypt, but they can decrypt...
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsck_efs_lwqi.mspx
http://technet2.microsoft.com/WindowsServer/en/library/5ad01135-c289-4f64-8bf3-8c0de903a8b71033.mspx
http://support.microsoft.com/kb/887414
-rich
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
save browser passwords 11 81
Cisco ASA blocks some https sites. 27 64
Windows 10 Task Scheduler fears and concerns 8 45
Data encryption options between SQL DBs 3 22
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question