Re: Folder Redirection Data Encryption
anonymous_at_discussions.microsoft.com
Date: 07/15/04
- Next message: mattypee: "Re: Network Password Rest"
- Previous message: Greg Brewer: "Re: bridging"
- In reply to: Steven L Umbach: "Re: Folder Redirection Data Encryption"
- Next in thread: Steven L Umbach: "Re: Folder Redirection Data Encryption"
- Reply: Steven L Umbach: "Re: Folder Redirection Data Encryption"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 15 Jul 2004 12:35:27 -0700
With approximately 250 users having their documents
redirected to the server what type of performance does
this have on the network. Will user notice longer delays
when trying to access their documents?
>-----Original Message-----
>First the remote server must be trusted for delegation
in it's account properties in
>Active Directory users and Computers. Then it would be
best to logon and create a
>user profile on that server and either encrypt a file
there to generate a encryption
>certificate/private key or import your existing one into
that profile using a .pfx
>file by exporting your current EFS certificate/private
key. If you do not create a
>user profile on that server then a "mini" profile will
be created the first time you
>encrypt a file on it creating a EFS certificate/private
key in that profile. If you
>do that an use EFS on your desktop, you run the risk of
having two separate EFS
>certificate/keys that can be confusing and even lead to
loss of data in case of a
>computer problem. For instance if you decide to copy an
EFS file from the server to
>your desktop, the file will go over the network
unencrypted. If you encrypt it on
>your computer and seen it back to the server, it could
be decrypted by a totally
>different EFS certificate/private key if the same
certificate private key is not on
>your desktop and server. Efsinfo is a handy tool to
display what certificates/private
>keys can decrypt a EFS file.
>
>Be VERY careful with EFS as it is easy to lose access to
your own data if their is a
>problem. Always keep copies of your EFS
certificate/private key offline in a .pfx
>file in case of a problem - you must export your private
key also with the
>certificate. There is NO way to get your EFS data if all
your keys and recovery agent
>keys are destroyed due to corruption/operating system
failure/rebuild. XP Pro uses
>AES 256 encryption for EFS - strong stuff. Windows 2000
computers require a
>"recovery" agent in order to encrypt files while XP Pro
does not. In a domain I
>highly recommend that all users files be encrypted with
a recovery agent in place as
>users will be lax in EFS procedures. See the links below
for more info. -- Steve
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;320044
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;223316 -- a must read for
>anyone considering EFS.
>http://www.microsoft.com/resources/documentation/windows/
2000/server/reskit/en-us/distsys/wsrvdsys.mspx
> -- more detailed info.
>
><anonymous@discussions.microsoft.com> wrote in message
>news:2da1301c469f2$2302e190$a301280a@phx.gbl...
>> I want to implement Group police folder redirection to
>> store my documents folder on the server, but I would
like
>> to encrypted files and folder as they are access across
>> the network. What is the best way to encrypt this
>> information? Windows AD 2000 server 2000 Pro and XP
>> clients.
>
>
>.
>
- Next message: mattypee: "Re: Network Password Rest"
- Previous message: Greg Brewer: "Re: bridging"
- In reply to: Steven L Umbach: "Re: Folder Redirection Data Encryption"
- Next in thread: Steven L Umbach: "Re: Folder Redirection Data Encryption"
- Reply: Steven L Umbach: "Re: Folder Redirection Data Encryption"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
