Re: EFS...can it be given to a group or folder ..win2003

anonymous_at_discussions.microsoft.com
Date: 03/15/04

Next message: John Rawson(nospam): "Re: NT4 Client drive mappings to W2K3 member server in NT4 Domain"
Previous message: John M.: "missing file" export shell 32 dll""
In reply to: Drew Cooper [MSFT]: "Re: EFS...can it be given to a group or folder ..win2003"
Next in thread: Drew Cooper [MSFT]: "Re: EFS...can it be given to a group or folder ..win2003"
Reply: Drew Cooper [MSFT]: "Re: EFS...can it be given to a group or folder ..win2003"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 15 Mar 2004 13:20:17 -0800

Where do you get the ".pfx" from?

>-----Original Message-----
>Here's the EFS whitepaper. It ought to clear up any
terminology problems:
>http://www.microsoft.com/technet/prodtechnol/winxppro/dep
loy/cryptfs.mspx
>
>If you have each of the users import a .pfx file
containing the recovery
>agent's certificate and private key, they will all be
able to open/decrypt
>one another's files.
>If you don't want the users to be able to decrypt all
files in your domain
>you can put those users in their own OU (Organizational
Unit in the Active
>Directory) and make them all recovery agents for the
OU. This is explained
>a bit in the whitepaper.
>--
>Drew Cooper [MSFT]
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:7cca01c40330$f0732cd0$a501280a@phx.gbl...
>> Maybe I am not an expert as you are.
>> Can you give me the steps for the workaround you are
>> talking about ?
>> I am trying to give a few domain users rights to
>> view/modify files that are created in an EFS folder by
>> another user. Possibly your solution may work, but
then I
>> didn't comprehend what you said.
>> Thanks a bunch.
>> >-----Original Message-----
>> >This is what I mean by rights management:
>>
>http://www.microsoft.com/windowsserver2003/technologies/r
i
>> ghtsmgmt/default.mspx
>> >
>> >A workaround that some people use to do group
encryption
>> with EFS is to put
>> >all of the users who will be sharing in the same OU
and
>> give them all the RA
>> >certificate/key pair for that OU. That way when any
of
>> them encrypts a
>> >file, all of the others can open/modify it.
>> >--
>> >Drew Cooper [MSFT]
>> >This posting is provided "AS IS" with no warranties,
and
>> confers no rights.
>> >
>> >
>> ><anonymous@discussions.microsoft.com> wrote in message
>> >news:478701c40251$03cd76e0$a601280a@phx.gbl...
>> >> Thanks for the reply. Can you send me some more
detail
>> as
>> >> to what you mean my 'rights management'.
>> >> Are you saying that this can be done
through 'Trusted
>> >> Certificates' ?
>> >>
>> >> >-----Original Message-----
>> >> >EFS sharing is for files only. It doesn't support
any
>> >> kind of inheritance.
>> >> >When a file is created in a folder marked for
>> encryption,
>> >> it is encrypted by
>> >> >its creator.
>> >> >
>> >> >If you want groups to share encrypted materials,
rights
>> >> management is
>> >> >probably a better Microsoft solution.
>> >> >--
>> >> >Drew Cooper [MSFT]
>> >> >This posting is provided "AS IS" with no
warranties,
>> and
>> >> confers no rights.
>> >> >
>> >> >
>> >> >"Santanu Mitra"
<anonymous@discussions.microsoft.com>
>> >> wrote in message
>> >> >news:721901c4024b$385cb8e0$a001280a@phx.gbl...
>> >> >> I am trying to figure out if there is a way to
give
>> >> >> multiple user (through windows domain group OR
>> >> indinidual)
>> >> >> rights to view/modify an encrypted folder.
>> >> >> I have figured out that I can do so on a file
level
>> but
>> >> >> not on the folder.
>> >> >> Is there a way through domain policy or
whatever ?
>> >> >> Thanks.
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>

Next message: John Rawson(nospam): "Re: NT4 Client drive mappings to W2K3 member server in NT4 Domain"
Previous message: John M.: "missing file" export shell 32 dll""
In reply to: Drew Cooper [MSFT]: "Re: EFS...can it be given to a group or folder ..win2003"
Next in thread: Drew Cooper [MSFT]: "Re: EFS...can it be given to a group or folder ..win2003"
Reply: Drew Cooper [MSFT]: "Re: EFS...can it be given to a group or folder ..win2003"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: EFS...can it be given to a group or folder ..win2003
... A workaround that some people use to do group encryption with EFS is to put ... This posting is provided "AS IS" with no warranties, and confers no rights. ... > to what you mean my 'rights management'. ...
(microsoft.public.windows.file_system)
Re: Storage Feature Pack and LUKS encryption
... And what is your windows server question??????????? ... This posting is provided "AS IS" with no warranties, and confers no rights. ... What I'm really curious about is if it will be compatible with LUKS ... IMHO this is also the biggest problem holding back encryption on USB ...
(microsoft.public.windows.server.general)
Re: Issues with SSL on Win CE 5.0
... creating the .pfx file, the private keys need to be marked as exportable so ... This posting is provided "AS IS" with no warranties, and confers no rights. ... the server certificate you're trying to add is present under ... and tell the web server to use it. ...
(microsoft.public.windowsce.embedded)
Re: EFS...can it be given to a group or folder ..win2003
... Here's the EFS whitepaper. ... Directory) and make them all recovery agents for the OU. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... >>A workaround that some people use to do group encryption ...
(microsoft.public.windows.file_system)
Re: EFS...can it be given to a group or folder ..win2003
... Can you give me the steps for the workaround you are ... I am trying to give a few domain users rights to ... >A workaround that some people use to do group encryption ... >> to what you mean my 'rights management'. ...
(microsoft.public.windows.file_system)