We help IT Professionals succeed at work.

Folder Encryption on a WIndows 2003 Server

LockDown32
LockDown32 asked
on
I have a customer that want to encrypt certain files and folders on a WIndows 2003 Server. That could be a royal pain. The have 20 workstations. Does anyone have a tried solution?
Comment
Watch Question

End-user support
Commented:
What would be the pain?
LockDown32Owner
Top Expert 2016

Author

Commented:
What would be the pain? English translation please?
NVITEnd-user support

Commented:
That could be a royal pain
Why? What do you need to do?
LockDown32Owner
Top Expert 2016

Author

Commented:
I give up. I am trying to encrypt files and folders on a Windows 2003 Server. I went back and re-read my questions 6 times. Seems pretty straight forward. What don't you understand?
NVITEnd-user support
Commented:
Right-click the file or folder.
Properties
Advanced
Check "Encrypt contents to secure data"
MaheshArchitect
Distinguished Expert 2019
Commented:
before starting EFS on 2003 server, deploy AD certificate authority on domain
Then add recovery certificate on domain controller under default domain policy\computer configuration\security settings\public key policies\data recovery agent
Then distribute EFS certificates to users
Then set server account and user accounts for delegation
Then enable EFS in default domain GPO
http://tutorial.programming4.us/windows_server/Securing-Windows-Server-2008-R2---Encrypting-File-System.aspx
Then your users can start encrypting files on file servers
Check below article for step by steps
https://technet.microsoft.com/en-us/magazine/2006.05.howitworks.aspx

This is risky thing, if you lose user certificates on machine, they won't be able to access data
hence it is very important to configure recovery agent 1st
Check below links for more info
http://blogs.technet.com/b/sbs/archive/2010/03/09/help-secure-your-business-information-using-encrypting-file-system.aspx
https://mizitechinfo.wordpress.com/2014/07/29/step-by-step-encrypting-user-data-with-efs-in-windows-server-2012-r2/
There are 3rd party utilities available to recover EFS data if required in emergency
LockDown32Owner
Top Expert 2016

Author

Commented:
Maybe a better question to ask is "is anybody doing this"? They got hit with a virus the other day and now they are all worried that this information will get out. Are people actually encrypting things on their servers? If so are they using what comes with Windows?
NVITEnd-user support

Commented:
I don't know if EFS encrypting the file/folder would help for certain viruses. If the virus, running under the current user, has permissions to the files, it would be able to copy the files. Still, it's better than nothing because the virus can't copy other user account's files that are encrypted.