Posted by Lorenzo Soncini on May 24, 2008, 4:33 am
Is there some solution (not a manual solution) to share encrypted files with
some users?
Thanks
Lorenzo
> EFS is not designed for your solution.
> It is user based, not group based.
> Giving the recovery agent certificate and private key to users is about
> the worst/stupidest (seriously, give away the ability to open *any* EFS
> encrypted files!!!!) idea I have seen in some time.
> Now, with Windows Vista and Windows Server 2008, the behavior of EFS
> changes.
> You may be able to use remote EFS in this scenario with Credential Roaming
> Services.
> But you would still have to individually add users and their certificates.
> Brian
>
>> Everything you tell me is correct. I have read and know the official
>> solution... but I have many files, and doing the work manually is hard
>> work.
>> I think mine is a typical working scenario.
>>
>> The only usable solution is to use the Recovery Agent.
>> If someone has other solutions....
>>
>> Lorenzo Soncini
>>
>>> EFS is for protecting local information. In your scenario, the file gets
>>> decrypted on the file server and sent to the client in clear, with no
>>> guarantee of any protection whatsoever (unless everybody in HR is using
>>> Bitlocker). And because you're creating many recovery agents, the
>>> secrecy deteriorates while you have to manage recovery agents etcetera.
>>> Correct me if I'm incorrect but IT people also will have access to the
>>> information or the backup sets.
>>>
>>> I would concentrate on protecting local access to the server console and
>>> maintaining the share ACLs.
>>>
>>> Side note: MS guidelines for sharing access to EFS are in the
>>> Server 2003)
>>>
>>>
>>> --
>>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>>> -= F1 is the key =-
>>>
>>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>>
>>>
>>>> Hi,
>>>> I need to use EFS on a shared folder of my file server. To grant
>>>> many people access to the files in the folder I have created many EFS
>>>> Recovery Agents.
>>>> All works fine if I use a local file system, but on the file server only
>>>> the user who encrypted the file can access it and not the EFS
>>>> Recovery Agent.
>>>>
>>>> Other question:
>>>> Is it possible to store the user certificate for EFS in AD so that a user
>>>> who logs on to a different computer can always access encrypted files?
>>>>
>>>> The scenario:
>>>> In a company the Human Resource Office (HR) needs EFS for the
>>>> confidentiality of sensitive information about employees. But all the
>>>> employees of the HRO need to access this information. The solution of
>>>> manually adding every user in the EFS properties of every
>>>> encrypted file is not applicable.
>>>>
>>>> Thanks
>>>> Lorenzo Soncini
>>>
>>>
>
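The per-user step Brian describes (adding each user and their certificate to each file) can be scripted instead of clicked through. The PowerShell script below is an added example, not part of the thread. It assumes a Windows version whose cipher.exe supports /adduser, hypothetical paths without spaces, and that it is run on the machine holding the files by a user who can already decrypt them.

```powershell
# Added example (not from the thread): bulk-add users' EFS certificates to
# already-encrypted files instead of handing out a recovery agent key.
param(
    [string]$Folder  = 'D:\Shares\HR',     # hypothetical encrypted folder
    [string]$CertDir = 'D:\EFS\HR-certs',  # hypothetical folder of exported .cer files (public keys only)
    [switch]$Apply                         # without -Apply the script only lists what it would do
)

$certs = Get-ChildItem -Path $CertDir -Filter *.cer -File
if (-not $certs) { throw "No .cer files found in $CertDir" }

# Touch only files that carry the Encrypted attribute.
$files = Get-ChildItem -Path $Folder -Recurse -File |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }

foreach ($file in $files) {
    foreach ($cert in $certs) {
        if (-not $Apply) {
            "DRY RUN: add $($cert.Name) to $($file.FullName)"
            continue
        }
        # cipher /adduser adds one certificate to the file's list of authorized users.
        $out = & cipher.exe /adduser "/certfile:$($cert.FullName)" $file.FullName 2>&1
        # Emit one record per file/cert pair so the run can be reviewed or exported.
        [pscustomobject]@{
            File     = $file.FullName
            Cert     = $cert.Name
            ExitCode = $LASTEXITCODE
            Output   = ($out -join ' ')
        }
    }
}
```

Files created later are encrypted only to their creator, so the script has to be re-run for new files, and each record's output should be reviewed rather than trusting the exit code alone.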