Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
EFS Folder

Answered EFS Folder

  • Saturday, December 08, 2012 5:03 PM
     
     
    Sign In to Vote
    0

    Hi.
    I have a Windows Server 2012 installation and i'm trying configure ADCS and EFS for encrypt a folder and share this folder with other computers in the network.

    The main purpose is that only the computers with certificate efs installed can read/write the files protected with EFS, but when i try open any file encrypt in other computer in the workgroup, the file is opened correctly even if the certificate isn't installed yet.

    How could I make a correct configuration of ADCS and EFS to work well?

    What is the certificate that I have to export for import later on other computers?

    Thanks you and regards.


     

All Replies

  • Saturday, December 08, 2012 6:19 PM
     
     Answered
    Sign In to Vote
    0
    I think, you should start from here: http://technet.microsoft.com/en-us/library/cc700811.aspx

    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Check out new: PowerShell FCIV tool.

     
  • Wednesday, December 12, 2012 2:26 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi,

    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Kevin

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

           
     
  • Wednesday, December 12, 2012 9:18 PM
     
     
    Sign In to Vote
    0

    Hi.

    I read many times this document, i configure, but when i try to open a document encrypted in a client computer without efs certificate, the document open correctly (but is slowly opening the document the first time, is not normal)

    I want that only users or computer with efs certificate can open the document.

    Thanks you for your help

     
  • Thursday, December 13, 2012 8:17 AM
     
     Proposed
    Sign In to Vote
    0
    Read it again. Because it doesn't matter from which computer user opens encrypted file on remote system. Also, EFS certificates (in this case) are not stored on client computers, it is stored on a server which contains encrypted files.

    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Check out new: PowerShell FCIV tool.

     
  • Thursday, December 13, 2012 8:45 AM
     
     
    Sign In to Vote
    0

    Do you say me that the file is decrypted on server and not on the client computer (even when opening the file on another computer through shares resources)?

    Thanks

     
  • Thursday, December 13, 2012 10:23 AM
     
     
    Sign In to Vote
    0

    > Do you say me that the file is decrypted on server and not on the client computer (even when opening the file on another computer through shares resources)?

    exactly.

    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Check out new: PowerShell FCIV tool.

     
  • Thursday, December 13, 2012 11:48 AM
     
     Proposed
    Sign In to Vote
    0

    Yes, please **read** the document references. This is the way EFS has always worked (since Windows 2000).

    This also means that the file is passed in the clear over the network wire to the client computer.

    Brian

     
  • Thursday, December 13, 2012 1:34 PM
     
     
    Sign In to Vote
    0

    Just to add to Brian's answer. If you carefully read the provided link (especially this section: http://technet.microsoft.com/en-us/library/cc700811.aspx#XSLTsection129121120120 ) you will see that you have to use external measures to protect files during transmittion. You can use either (or both) IPsec or WebDAV with SSL-secured transport. Obviously this implies the fact that files are transmitted in plain text.

    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Check out new: PowerShell FCIV tool.

     
  • Thursday, December 13, 2012 2:39 PM
     
     
    Sign In to Vote
    0

    Thanks you all.

    Regards