none
Using EFS encryption for only one machine in AD RRS feed

  • Question

  • Hi all,
    I would like to ask if I can create a specific local group policy to use the EFS encryption function for only one machine under AD.
    Is this feasible? 

    1st Try (Failed)

    1) Local Group Policy Editor
    2) Computer Configuration --> Security Settings --> Public Key Polices --> Encrypting File Systems
    3) Tried "Create DRA" but fail.  Popup with "Windows cant create DRA.  The permission on the certificate template..."

    2nd Try (Failed)

    1) Create registry key "NtfsDisableEncryption" with value 0 under "HKLM\System\CurrentControlSet\Polices

    Thanks for the helping.

    Monday, September 9, 2019 6:24 AM

All replies

  • Hello,

    Thank you for posting in our TechNet forum.

    According to our description, we can try to set the following local group policy:

    1) Local Group Policy Editor
    2) Navigate to Computer Configuration --> Security Settings --> Public Key Polices --> Encrypting File Systems
    3)Right click Encrypting File Systems and select Properties.




    4) On General tab, set as below:



    5) After that, we all the files in Documents we created or copied will be encrypted.





    For first try, if we have CA server in our domain, we can use first method.

    For second try, we can refer to the article Do not allow encryption on all NTFS volumes.



    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 10, 2019 9:55 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 12, 2019 12:58 AM
    Moderator
  • Hi,
    Would you please tell me how things are going on your side. If you have any questions or concerns about the information I provided, please don't hesitate to let us know. 
     
    Again thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 16, 2019 1:25 AM
    Moderator