Solved

EFS on Windows 2003 domain with a 2008 File Server

Posted on 2013-06-07
1
602 Views
Last Modified: 2013-06-10
I would like to know if it is possible to set up EFS on several shares for a Windows 2008 server, while the domain level is on Windows 2003 Server. I have tried to set it up unsuccessfully for the past couple of days, nut I have not been able to find any supporting info regarding the different versions and implementing EFS. We have several Workstations on Windows 7 and XP.

Regards,
0
Comment
Question by:Synetek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39231223
It should be possible.

 You can use EFS to encrypt and decrypt files and folders that are located on NTFS volumes on a remote server if the server is trusted for delegation in Active Directory. To remotely encrypt and decrypt files and folders, your certificate and private key must be stored on the server. The server uses Kerberos delegation to access this information.

E.g.  When files are stored on file shares, all EFS operations occur on the computer on which the files are stored. For example, if a user connects to a network file share and chooses to open a file that he or she previously encrypted, the file is decrypted on the computer on which the file is stored and then transmitted in plaintext over the network to the user’s computer.

Note the "plaintext" over the network. Hence not end to end for remote shares

I am suggesting below to see if helpful on the criteria for Remote EFS file share :
http://technet.microsoft.com/library/bb457116.aspx#EHAA

this is an lengthy forum which seems to be likely what commonly faced in remote shares
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/ab0a7538-cede-477f-9b9b-bfccf2ee27fb


Likewise there is EFS troubleshooting (on error msg) if necessary
http://technet.microsoft.com/en-us/library/bb457116.aspx#EBAA
http://technet.microsoft.com/en-us/library/cc700811.aspx#XSLTsection132121120120
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cause of ransomware attack 13 164
Hyper-V: Exporting VM with only 1 of 2 VHDs? 1 72
Duplicate SPN entries 1 23
Active Directory Replication 1 24
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question