Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
In order to share an encrypted file with multiple users, you must add each
user's EFS certificate to the file. You do that through Properties >
Advanced > Details > Add.
Thanks.
Pat
"Mike Brannigan [MSFT]" wrote:
> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> news:65B73F0D-1038-4713-8945-C2DED79FC4F1@microsoft.com...
> > Thankyou. I have another question which I think I need some assistance
> > please.
> >
> > Support for multiple users on folders in not provided in Windows XP but
> > EFS
> > does support file sharing between multiple users on a single file.
> >
> > As a practical example for the above I used:
> >
> > This diverse from Windows XP because EFS states that the users who will be
> > authorized to access the encrypted file must have EFS certificates. These
> > certificates can be located in roaming profiles or in the user profiles on
> > the computer on which the file to be shared is stored , or they can be
> > stored
> > in and retrieved from Active Directory.
> >
> > What do you think?
>
>
> You do not have EFS encrpytion on a folder.
> You may mark a folder as encrypted - you are actually just saying that all
> files within that folder are to be encrypted individually. As you can see if
> you look at the advanced attributes of an EFS "encrypted" folder the Details
> button is greyed out so you cannot add any other users to the folder. EFS
> functions at the file level.
>
> I'm sorry I do not understand your question but the method by which EFS file
> sharing is enabled and the locations of certificates etc is again all
> covered in Chapter 17 of the Windows XP Resource Kit Documentation.
>
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> news:65B73F0D-1038-4713-8945-C2DED79FC4F1@microsoft.com...
> > Thankyou. I have another question which I think I need some assistance
> > please.
> >
> > Support for multiple users on folders in not provided in Windows XP but
> > EFS
> > does support file sharing between multiple users on a single file.
> >
> > As a practical example for the above I used:
> >
> > This diverse from Windows XP because EFS states that the users who will be
> > authorized to access the encrypted file must have EFS certificates. These
> > certificates can be located in roaming profiles or in the user profiles on
> > the computer on which the file to be shared is stored , or they can be
> > stored
> > in and retrieved from Active Directory.
> >
> > What do you think?
> >
> > 10x
> >
> > unicorn
> >
> >
> > "Mike Brannigan [MSFT]" wrote:
> >
> >> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> >> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> >> > Hi,
> >> >
> >> > I need a practical example why the support for the use of groups on
> >> > encrypted files is not provided by EFS. I need this details to enrich
> >> > my
> >> > assignment.
> >> >
> >> > Thanks for your help.
> >>
> >> All covered in detail in Chapter 17 of the Windows XP Resource Kit
> >> Documentation.
> >> see
> >>
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnb_efs_qutx.asp
> >>
> >>
> >> Authorizing Multi-User Access to Encrypted Files
> >> Users can share encrypted files with other local, domain, and trusted
> >> domain
> >> users. Authorizing user access to encrypted files is a separate process
> >> from
> >> sharing files for network access by using share-level security and access
> >> control lists. Because there is no method to issue a certificate for a
> >> group, only individual user accounts can be authorized for access to an
> >> encrypted file. Groups cannot be authorized for access.
> >>
> >> You cannot issue a certificate to a group as certificates must be issued
> >> to
> >> security principles that represent an object that authenticates to the
> >> directory service (e.g users or machines - not groups)
> >>
> >>
> >> --
> >>
> >> Regards,
> >>
> >> Mike
> >> --
> >> Mike Brannigan [Microsoft]
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights
> >>
> >> Please note I cannot respond to e-mailed questions, please use these
> >> newsgroups
> >>
> >> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> >> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> >> > Hi,
> >> >
> >> > I need a practical example why the support for the use of groups on
> >> > encrypted files is not provided by EFS. I need this details to enrich
> >> > my
> >> > assignment.
> >> >
> >> > Thanks for your help.
> >> >
> >> > unicorn
> >> >
> >> >
> >>
> >>
> >>
>
>
>