How to set up EFS in a Windows 2003 domain environment

Posted on 2006-11-20
Medium Priority
Last Modified: 2013-12-04
I need to set up EFS in a domain environment.

It would be great if you could tell me the steps to configure EFS in a domain.
Question by:CMORAZA
LVL 33

Accepted Solution

Busbar earned 252 total points
ID: 17985723
LVL 38

Expert Comment

by:Rich Rumble
ID: 17987162
I'd suggest using something other than EFS if you want an easy-to-manage solution that is secure by default. You must complete all these steps to even think that EFS might be secure: http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx#E5KAE
If you can remember to do all those things and train users to follow those instructions (decrypting/encrypting files in an encrypted folder only), then there is little hope of recovering EFS data.
TrueCrypt or PGP are secure out of the gate, and they don't decrypt files on the HD and create a plain-text version that can be recovered; they decrypt in memory, so if power is lost, there is no plain-text copy on the HD as there is with EFS.
Make sure you back up all keys also if using EFS.
Get to know EFS as best you can if you really want to use it: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/deploy/dgch_pki_rjxf.mspx?mfr=true

Author Comment

ID: 18001135
Thank you for your help.

I am having difficulty sharing encrypted files with the other user in a domain environment.

Encrypted files are on a file server.
The file server is trusted for delegation.
The other user has permission to open encrypted files.

Any tips would be appreciated.
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 248 total points
ID: 18002057
They need to be a DA; look here for adding users to the decryption agents:
http://www.microsoft.com/windowsxp/using/security/expert/sharefilesefs.mspx
http://support.microsoft.com/kb/308991
If all that is in line, try using efsinfo.exe to see if they are indeed allowed or not:
efsinfo /u c:\path\to\file.txt
(or efsinfo /u \\server\sharename\file)

Search tip for Google: type site:site-example.com term you want to search for, like this:


Expert Comment

ID: 21101062
Forced accept.

EE Admin
