Saturday, December 08, 2012 5:03 PM
I have a Windows Server 2012 installation and i'm trying configure ADCS and EFS for encrypt a folder and share this folder with other computers in the network.
The main purpose is that only the computers with certificate efs installed can read/write the files protected with EFS, but when i try open any file encrypt in other computer in the workgroup, the file is opened correctly even if the certificate isn't installed yet.
How could I make a correct configuration of ADCS and EFS to work well?
What is the certificate that I have to export for import later on other computers?
Thanks you and regards.
- Edited by Alberto Cordero Saturday, December 08, 2012 5:04 PM
Saturday, December 08, 2012 6:19 PMI think, you should start from here: http://technet.microsoft.com/en-us/library/cc700811.aspx
- Proposed As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Monday, December 10, 2012 2:27 AM
- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Wednesday, December 12, 2012 2:26 AM
- Unmarked As Answer by Alberto Cordero Wednesday, December 12, 2012 9:13 PM
- Marked As Answer by Alberto Cordero Thursday, December 13, 2012 2:36 PM
Wednesday, December 12, 2012 2:26 AMModerator
As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
Wednesday, December 12, 2012 9:18 PM
I read many times this document, i configure, but when i try to open a document encrypted in a client computer without efs certificate, the document open correctly (but is slowly opening the document the first time, is not normal)
I want that only users or computer with efs certificate can open the document.
Thanks you for your help
Thursday, December 13, 2012 8:17 AMRead it again. Because it doesn't matter from which computer user opens encrypted file on remote system. Also, EFS certificates (in this case) are not stored on client computers, it is stored on a server which contains encrypted files.
- Proposed As Answer by Vadims PodansMVP Thursday, December 13, 2012 8:19 AM
Thursday, December 13, 2012 8:45 AM
Do you say me that the file is decrypted on server and not on the client computer (even when opening the file on another computer through shares resources)?
Thursday, December 13, 2012 10:23 AM
Thursday, December 13, 2012 11:48 AM
Yes, please **read** the document references. This is the way EFS has always worked (since Windows 2000).
This also means that the file is passed in the clear over the network wire to the client computer.
- Proposed As Answer by Vadims PodansMVP Thursday, December 13, 2012 1:36 PM
Thursday, December 13, 2012 1:34 PM
Just to add to Brian's answer. If you carefully read the provided link (especially this section: http://technet.microsoft.com/en-us/library/cc700811.aspx#XSLTsection129121120120 ) you will see that you have to use external measures to protect files during transmittion. You can use either (or both) IPsec or WebDAV with SSL-secured transport. Obviously this implies the fact that files are transmitted in plain text.
Thursday, December 13, 2012 2:39 PM
Thanks you all.