implementing EFS questions?

I have 4 DCs running Win2012 R2 and workstations 8.1 Pro. I need to implement EFS on a folder for File Server running Win2012. I noticed that my DCs are not running Active Directory Certificate Services. Do I need to install this first before implementation? if so this must run on all DCs? Please advise.
Faust RomeroIT Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shaun VermaakTechnical SpecialistCommented:
Yes, you need to install it first to enable DRA certificate.
It depends on your design but you only need one enterprise CA
Faust RomeroIT Author Commented:
can i have two Active Directory Certificate services. One on my Primary Site, and another on my Backup Site? will this not create any issues on my domain? what are the possible issues i can have by implementing EFS?
Shaun VermaakTechnical SpecialistCommented:
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Faust RomeroIT Author Commented:
LVL 39. if one user (User A) encrypt a folder "X". I have other questions:

1)How can another user (User B) with same privilege on domain be able to see encrypted folder "X"? Does only original user (User A) can decrypt folder "X"?

2) what happens when the User A, sends Files encrypted via email to other users outside the organization? are these encrypted files?

3) What happens with encrypted folder "X"  if User-A leave the organization?

Thanks.
Shaun VermaakTechnical SpecialistCommented:
1)How can another user (User B) with same privilege on domain be able to see encrypted folder "X"? Does only original user (User A) can decrypt folder "X"?
Each of these users need to have the certificate imported to access data

2) what happens when the User A, sends Files encrypted via email to other users outside the organization? are these encrypted files?
Receipt receives as unencrypted

3) What happens with encrypted folder "X"  if User-A leave the organization?
You use the DRA user to decrypt the data

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Faust RomeroIT Author Commented:
LVL39. Last question I do not have Enterprise Edition for Win2012-R2, so I will not be able to configure Fail-over-Cluster for CA. What i need to know is. I have two sites. Site1 and Site2. All Domain Controllers are Global Catalogs and all replicate to one another. I have two Domain Controllers per site. In total i have 4 domain controllers.
So if I configure a CA, CA can only be one server correct?
 If i add a Subordinate CA that will give me and HA? i wondering in case my WAN LINK GOES DOWN. What do you recommend?
Thanks a lot.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.