Shaun Okeefe CITP

EFS Problems

We have a Server 2012 R2 file server with several department shares.

I wasn’t even aware we had EFS until recently, when I noticed one of the folders was in green text.

The issue is it seems a few users have been creating folders and right clicking and selecting encrypt.

Now, even I as the network administrator can’t gain access to these folders, only the person who created them.

When I check the security permissions I still have full permissions, but under encryption I’m only listed as a recovery user?

My question is how can I remove the encryption and make it so anything that gets encrypted I can still access?

Or should I be looking at a different product?

Cheers
Shaun
Shaun Okeefe CITP (ASKER)

Thanks for your help and comments.

I think I will disable EFS for now as it's too dangerous to let users have control over encrypting files which other users potentially need to access.

Would a solution like BitLocker be more suitable? I need something that even if users encrypt, as the IT manager (and senior management) I can override and/or take ownership of.

"even if users encrypt, as the IT manager (and senior management) I can override and/or take ownership of" - and that is what you have now. You are configured as data recovery agent.

BitLocker is for different needs, but sure, BitLocker can also be used and I would use it anywhere I can. It knows multi-keying, so admins have a recovery key and users get another key. They can be restricted to decrypt and so on.
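
For the situation discussed in this thread, one way to inventory which items on the shares are EFS-encrypted, who owns them, and whether a given recovery certificate is listed on each file. This is an added example, not part of the original posts: the share path, report path and thumbprint are placeholders, and finding the thumbprint in the text printed by `cipher /c` is an assumption about that tool's output format.

```powershell
# Added example (not from the thread): inventory EFS-encrypted items on a file share.
# Run on the file server from an elevated PowerShell session.
param(
    [string]$ShareRoot     = 'D:\Shares',                # placeholder path
    [string]$DraThumbprint = '<DRA-CERT-THUMBPRINT>',    # placeholder: your recovery agent certificate
    [string]$ReportPath    = '.\efs-inventory.csv'       # placeholder path
)

$encryptedFlag = [System.IO.FileAttributes]::Encrypted
$wanted = ($DraThumbprint -replace '\s', '').ToUpperInvariant()

$report = Get-ChildItem -LiteralPath $ShareRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band $encryptedFlag } |
    ForEach-Object {
        # NTFS owner is usually the user who created (and encrypted) the item.
        $owner = try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner }
                 catch { 'unknown' }

        $draListed = $null
        if (-not $_.PSIsContainer) {
            # cipher /c displays information on the encrypted file, including
            # the recovery certificates stamped on it when it was encrypted.
            $info = (& cipher.exe /c $_.FullName 2>&1 | Out-String)
            # Assumption: the thumbprint appears in that text, possibly spaced.
            $flat = ($info -replace '\s', '').ToUpperInvariant()
            $draListed = $flat.Contains($wanted)
        }

        [pscustomobject]@{
            Path      = $_.FullName
            IsFolder  = $_.PSIsContainer
            Owner     = $owner
            LastWrite = $_.LastWriteTime
            DraListed = $draListed   # $null for folders, which hold no encrypted data themselves
        }
    }

$report | Export-Csv -LiteralPath $ReportPath -NoTypeInformation -Encoding UTF8

# Files where DraListed is False were encrypted without this recovery certificate
# (for example before the recovery policy applied) and need their owner to decrypt them.
$report | Where-Object { $_.DraListed -eq $false } |
    Sort-Object Owner | Format-Table Owner, Path -AutoSize
```

The CSV gives the list of folders and owners to follow up with before EFS is disabled by policy, since disabling it stops new encryption but does not decrypt what is already on the share.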
btan

If it is user or management data, you would also be thinking of enterprise backup, as supposedly user data should not be accessible even by admin as it can be sensitive and there may be strict access rules. Instead, users can recover data if such a solution exists. Minimally, for file shares certain high-risk file types should be restricted from uploading, such as executables.