|
Posted by Roger Abell [MVP] on October 16, 2007, 10:56 pm
Please log in for more thread options Hi Steve (long time!!)
I believe you are correct, re EFS being file based.
I think the solution in this case might be to have the
first account, that writes the file, use the api to add
the other account after creating the file, or to run the
second process using the same account, or have a
process running as file writing account that events
on files being added to specific locations and then
does the adding of the second account.
Roger
> Hey Steve.
>
> My understanding is that this has to be done at the file level and can not
> be done at the folder level so that a particular user is added to every
> file that is placed in that folder for encryption. If there is a way to do
> it at the folder level please let me know.
>
> Maybe in this case for the OP the user account that needs to open the
> files could be a RA??
>
> As always thanks for your help.
>
> Steve
>
>
>> EFS in Windows 2000 did support multiple users, but only through the
>> API -- there was no UI for it. XP and 2003 have a UI that allows you to
>> add multiple users to an EFS-protected file or folder. See
>> http://www.microsoft.com/windowsxp/using/security/expert/sharefilesefs.mspx.
>>
>> --
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com
>>
>>
>>> I've read that Win 2k server does not support multiple users accessing
>>> files that have been saved in an encrypted folder. Does Win Server
>>> 2k3? I will have several files a day being saved by an automated user
>>> to an encrypted folder and I will have another automated user opening
>>> (and decrypting) those files also several times a day. I can't have
>>> some person sitting at a machine looking for new files and right
>>> clicking on each new file and adding permissions for the 2nd user .
>>> SO I'm hoping that Win 2k3 supports multiple users on encrypted
>>> folders.
>>> Thanks
>>>
>
>
| 
XML Sitemap