?
Solved

how to set up efs in windows 2003 domain environment

Posted on 2006-11-20
6
Medium Priority
?
2,586 Views
Last Modified: 2013-12-04
I need to set up efs in domain environment.

It would be great if you could tell me steps to configure efs in domain.
0
Comment
Question by:CMORAZA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 33

Accepted Solution

by:
Busbar earned 252 total points
ID: 17985723
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17987162
I'd suggest using something other than EFS if you want an easy to manage solution that is secure by default. You must complete all these steps to even think that EFS might be secure: http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx#E5KAE
If you can remember to do all those things and train users to follow those instructions (decrypting/encrypting files in an encrypted folder only) then there is little hope of recovering EFS data.
TrueCrypt or PGP are secure out of the gate, and they don't decrypt files on the HD and create a plain-text version that can be recovered, they decrypt in memory, so if power is lost, there is no plain-text copy on the HD as there is with EFS.
make sure you back up all keys also if using EFS
http://support.microsoft.com/kb/241201
Get to know EFS as best you can if you really want to use it http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/deploy/dgch_pki_rjxf.mspx?mfr=true
http://technet2.microsoft.com/WindowsServer/en/library/288af14d-66e3-4cee-bc3d-38795b046c251033.mspx?mfr=true
http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/dataprot/w2kadm21.mspx
-rich
0
 

Author Comment

by:CMORAZA
ID: 18001135
Thank you for your help.

I am having difficulty to share encrypted files with the other user on a domain environment.

encrypted files are on a file server.
The file server is trusted for delegation.
the other user has permission to open encrypted files.

Any tips would be appreciated.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 248 total points
ID: 18002057
They need to be a DA, look here for adding users to the decryption agents: http://www.microsoft.com/windowsxp/using/security/expert/sharefilesefs.mspx
http://support.microsoft.com/kb/308991 If all that is in-line, try using efsinfo.exe to see if they are indeed allowed or not: efsinfo /u c:\path\to\file.txt   (or efsinfo /u \\server\sharename\file )
http://www.microsoft.com/technet/technetmag/issues/2006/05/HowITWorks/?topics=y

search tip for google, type site:site-example.com term you want to search for     like this:
http://www.google.com/search?hl=en&q=site%3Amicrosoft.com+efs+share+files&btnG=Google+Search

-rich
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101062
Forced accept.

Computer101
EE Admin
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question