Re: EFS...can it be given to a group or folder ..win2003

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 03/08/04


Date: Mon, 8 Mar 2004 12:46:06 -0800

Here's the EFS whitepaper. It ought to clear up any terminology problems:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

If you have each of the users import a .pfx file containing the recovery
agent's certificate and private key, they will all be able to open/decrypt
one another's files.
If you don't want the users to be able to decrypt all files in your domain
you can put those users in their own OU (Organizational Unit in the Active
Directory) and make them all recovery agents for the OU. This is explained
a bit in the whitepaper.

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
<anonymous@discussions.microsoft.com> wrote in message
news:7cca01c40330$f0732cd0$a501280a@phx.gbl...
> Maybe I am not an expert as you are.
> Can you give me the steps for the workaround you are
> talking about ?
> I am trying to give a few domain users rights to
> view/modify files that are created in an EFS folder by
> another user. Possibly your solution may work, but then I
> didn't comprehend what you said.
> Thanks a bunch.
> >-----Original Message-----
> >This is what I mean by rights management:
> >http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
> >
> >A workaround that some people use to do group encryption with EFS is to put
> >all of the users who will be sharing in the same OU and give them all the RA
> >certificate/key pair for that OU.  That way when any of them encrypts a
> >file, all of the others can open/modify it.
> >-- 
> >Drew Cooper [MSFT]
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> ><anonymous@discussions.microsoft.com> wrote in message
> >news:478701c40251$03cd76e0$a601280a@phx.gbl...
> >> Thanks for the reply. Can you send me some more detail as
> >> to what you mean by 'rights management'.
> >> Are you saying that this can be done through 'Trusted
> >> Certificates' ?
> >>
> >> >-----Original Message-----
> >> >EFS sharing is for files only.  It doesn't support any kind of inheritance.
> >> >When a file is created in a folder marked for encryption, it is encrypted by
> >> >its creator.
> >> >
> >> >If you want groups to share encrypted materials, rights management is
> >> >probably a better Microsoft solution.
> >> >-- 
> >> >Drew Cooper [MSFT]
> >> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >> >
> >> >
> >> >"Santanu Mitra" <anonymous@discussions.microsoft.com> wrote in message
> >> >news:721901c4024b$385cb8e0$a001280a@phx.gbl...
> >> >> I am trying to figure out if there is a way to give
> >> >> multiple users (through windows domain group OR individual)
> >> >> rights to view/modify an encrypted folder.
> >> >> I have figured out that I can do so on a file level but
> >> >> not on the folder.
> >> >> Is there a way through domain policy or whatever ?
> >> >> Thanks.
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >

