RE: EFS, Shared Folder, Authorise on a PER FILE BASIS!?

Can you not create a Global Security Group and add all members that you want
to have access to that group? Then apply permissions to the group?

"SteveB" wrote:

> Hello,
>
> I have an SBS2k3 Server and lots of XP Pro desktop clients. I have a shared
> folder on that server accessible to network users; it holds sensitive company
> data. Logged on via RDP as Administrator, I have encrypted the shared folder.
> It now appears green in the folder list. None of my network users can now
> open any of the the files ("Access Denied" type messages).
>
> Everything I read about "sharing EFS encrypted files with network users"
> involves using the "Details" button and adding each respective user. My
> problem is...are you telling me I have to authorise every network user on a
> PER FILE BASIS?! The "Details" button under Folder/File Properties ->
> Advanced is disabled if you select a folder/multiple files. Why can't I do
> this on a folder level!.
>
> I have confirmed this is a certificate/EFS related problem because I added
> one user (via the EFS -> Details -> "Users who can transparently access this
> file" option), to one encrypted file and they were able to open it fine over
> the network.
>
> Please tell me there is somewhere you can include/specify a group of
> authorised domain users access to a shared, encrypted folder. If not, how is
> this a manageable solution when you're dealing with 100000's of files and
> 100000's of users?!.
>
> Is there some light in the "Trusted People" folder of the certificates MMC
> snap-in??.
>
> Sorry to sound a little angst-ridden, but I can't find anything, anywhere to
> explain this process or its feasibility in detail. I have read a few postings
> and peope conclude EFS is not "manageable" in network situations...
>
> T.I.A
>
> Steve B.
.