Sign in with
Sign up | Sign in
Your question

Encrypting File System - EFS in Win XP

Last response: in Windows XP
Share
January 17, 2005 8:23:03 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi,

I need a practical example why the support for the use of groups on
encrypted files is not provided by EFS. I need this details to enrich my
assignment.

Thanks for your help.

unicorn
Anonymous
a b 8 Security
January 17, 2005 4:44:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"unicorn" <unicorn@discussions.microsoft.com> wrote in message
news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> Hi,
>
> I need a practical example why the support for the use of groups on
> encrypted files is not provided by EFS. I need this details to enrich my
> assignment.
>
> Thanks for your help.

All covered in detail in Chapter 17 of the Windows XP Resource Kit
Documentation.
see
http://www.microsoft.com/resources/documentation/Window...


Authorizing Multi-User Access to Encrypted Files
Users can share encrypted files with other local, domain, and trusted domain
users. Authorizing user access to encrypted files is a separate process from
sharing files for network access by using share-level security and access
control lists. Because there is no method to issue a certificate for a
group, only individual user accounts can be authorized for access to an
encrypted file. Groups cannot be authorized for access.

You cannot issue a certificate to a group as certificates must be issued to
security principles that represent an object that authenticates to the
directory service (e.g users or machines - not groups)


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"unicorn" <unicorn@discussions.microsoft.com> wrote in message
news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> Hi,
>
> I need a practical example why the support for the use of groups on
> encrypted files is not provided by EFS. I need this details to enrich my
> assignment.
>
> Thanks for your help.
>
> unicorn
>
>
January 17, 2005 4:44:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thankyou. I have another question which I think I need some assistance please.

Support for multiple users on folders in not provided in Windows XP but EFS
does support file sharing between multiple users on a single file.

As a practical example for the above I used:

This diverse from Windows XP because EFS states that the users who will be
authorized to access the encrypted file must have EFS certificates. These
certificates can be located in roaming profiles or in the user profiles on
the computer on which the file to be shared is stored , or they can be stored
in and retrieved from Active Directory.

What do you think?

10x

unicorn


"Mike Brannigan [MSFT]" wrote:

> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> > Hi,
> >
> > I need a practical example why the support for the use of groups on
> > encrypted files is not provided by EFS. I need this details to enrich my
> > assignment.
> >
> > Thanks for your help.
>
> All covered in detail in Chapter 17 of the Windows XP Resource Kit
> Documentation.
> see
> http://www.microsoft.com/resources/documentation/Window...
>
>
> Authorizing Multi-User Access to Encrypted Files
> Users can share encrypted files with other local, domain, and trusted domain
> users. Authorizing user access to encrypted files is a separate process from
> sharing files for network access by using share-level security and access
> control lists. Because there is no method to issue a certificate for a
> group, only individual user accounts can be authorized for access to an
> encrypted file. Groups cannot be authorized for access.
>
> You cannot issue a certificate to a group as certificates must be issued to
> security principles that represent an object that authenticates to the
> directory service (e.g users or machines - not groups)
>
>
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> > Hi,
> >
> > I need a practical example why the support for the use of groups on
> > encrypted files is not provided by EFS. I need this details to enrich my
> > assignment.
> >
> > Thanks for your help.
> >
> > unicorn
> >
> >
>
>
>
Related resources
Anonymous
a b 8 Security
January 17, 2005 7:30:52 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"unicorn" <unicorn@discussions.microsoft.com> wrote in message
news:65B73F0D-1038-4713-8945-C2DED79FC4F1@microsoft.com...
> Thankyou. I have another question which I think I need some assistance
> please.
>
> Support for multiple users on folders in not provided in Windows XP but
> EFS
> does support file sharing between multiple users on a single file.
>
> As a practical example for the above I used:
>
> This diverse from Windows XP because EFS states that the users who will be
> authorized to access the encrypted file must have EFS certificates. These
> certificates can be located in roaming profiles or in the user profiles on
> the computer on which the file to be shared is stored , or they can be
> stored
> in and retrieved from Active Directory.
>
> What do you think?


You do not have EFS encrpytion on a folder.
You may mark a folder as encrypted - you are actually just saying that all
files within that folder are to be encrypted individually. As you can see if
you look at the advanced attributes of an EFS "encrypted" folder the Details
button is greyed out so you cannot add any other users to the folder. EFS
functions at the file level.

I'm sorry I do not understand your question but the method by which EFS file
sharing is enabled and the locations of certificates etc is again all
covered in Chapter 17 of the Windows XP Resource Kit Documentation.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"unicorn" <unicorn@discussions.microsoft.com> wrote in message
news:65B73F0D-1038-4713-8945-C2DED79FC4F1@microsoft.com...
> Thankyou. I have another question which I think I need some assistance
> please.
>
> Support for multiple users on folders in not provided in Windows XP but
> EFS
> does support file sharing between multiple users on a single file.
>
> As a practical example for the above I used:
>
> This diverse from Windows XP because EFS states that the users who will be
> authorized to access the encrypted file must have EFS certificates. These
> certificates can be located in roaming profiles or in the user profiles on
> the computer on which the file to be shared is stored , or they can be
> stored
> in and retrieved from Active Directory.
>
> What do you think?
>
> 10x
>
> unicorn
>
>
> "Mike Brannigan [MSFT]" wrote:
>
>> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
>> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
>> > Hi,
>> >
>> > I need a practical example why the support for the use of groups on
>> > encrypted files is not provided by EFS. I need this details to enrich
>> > my
>> > assignment.
>> >
>> > Thanks for your help.
>>
>> All covered in detail in Chapter 17 of the Windows XP Resource Kit
>> Documentation.
>> see
>> http://www.microsoft.com/resources/documentation/Window...
>>
>>
>> Authorizing Multi-User Access to Encrypted Files
>> Users can share encrypted files with other local, domain, and trusted
>> domain
>> users. Authorizing user access to encrypted files is a separate process
>> from
>> sharing files for network access by using share-level security and access
>> control lists. Because there is no method to issue a certificate for a
>> group, only individual user accounts can be authorized for access to an
>> encrypted file. Groups cannot be authorized for access.
>>
>> You cannot issue a certificate to a group as certificates must be issued
>> to
>> security principles that represent an object that authenticates to the
>> directory service (e.g users or machines - not groups)
>>
>>
>> --
>>
>> Regards,
>>
>> Mike
>> --
>> Mike Brannigan [Microsoft]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights
>>
>> Please note I cannot respond to e-mailed questions, please use these
>> newsgroups
>>
>> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
>> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
>> > Hi,
>> >
>> > I need a practical example why the support for the use of groups on
>> > encrypted files is not provided by EFS. I need this details to enrich
>> > my
>> > assignment.
>> >
>> > Thanks for your help.
>> >
>> > unicorn
>> >
>> >
>>
>>
>>
Anonymous
a b 8 Security
January 17, 2005 7:30:53 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In order to share an encrypted file with multiple users, you must add each
user's EFS certificate to the file. You do that through Properties >
Advanced > Details > Add.

Thanks.
Pat

"Mike Brannigan [MSFT]" wrote:

> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> news:65B73F0D-1038-4713-8945-C2DED79FC4F1@microsoft.com...
> > Thankyou. I have another question which I think I need some assistance
> > please.
> >
> > Support for multiple users on folders in not provided in Windows XP but
> > EFS
> > does support file sharing between multiple users on a single file.
> >
> > As a practical example for the above I used:
> >
> > This diverse from Windows XP because EFS states that the users who will be
> > authorized to access the encrypted file must have EFS certificates. These
> > certificates can be located in roaming profiles or in the user profiles on
> > the computer on which the file to be shared is stored , or they can be
> > stored
> > in and retrieved from Active Directory.
> >
> > What do you think?
>
>
> You do not have EFS encrpytion on a folder.
> You may mark a folder as encrypted - you are actually just saying that all
> files within that folder are to be encrypted individually. As you can see if
> you look at the advanced attributes of an EFS "encrypted" folder the Details
> button is greyed out so you cannot add any other users to the folder. EFS
> functions at the file level.
>
> I'm sorry I do not understand your question but the method by which EFS file
> sharing is enabled and the locations of certificates etc is again all
> covered in Chapter 17 of the Windows XP Resource Kit Documentation.
>
> --
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> news:65B73F0D-1038-4713-8945-C2DED79FC4F1@microsoft.com...
> > Thankyou. I have another question which I think I need some assistance
> > please.
> >
> > Support for multiple users on folders in not provided in Windows XP but
> > EFS
> > does support file sharing between multiple users on a single file.
> >
> > As a practical example for the above I used:
> >
> > This diverse from Windows XP because EFS states that the users who will be
> > authorized to access the encrypted file must have EFS certificates. These
> > certificates can be located in roaming profiles or in the user profiles on
> > the computer on which the file to be shared is stored , or they can be
> > stored
> > in and retrieved from Active Directory.
> >
> > What do you think?
> >
> > 10x
> >
> > unicorn
> >
> >
> > "Mike Brannigan [MSFT]" wrote:
> >
> >> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> >> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> >> > Hi,
> >> >
> >> > I need a practical example why the support for the use of groups on
> >> > encrypted files is not provided by EFS. I need this details to enrich
> >> > my
> >> > assignment.
> >> >
> >> > Thanks for your help.
> >>
> >> All covered in detail in Chapter 17 of the Windows XP Resource Kit
> >> Documentation.
> >> see
> >> http://www.microsoft.com/resources/documentation/Window...
> >>
> >>
> >> Authorizing Multi-User Access to Encrypted Files
> >> Users can share encrypted files with other local, domain, and trusted
> >> domain
> >> users. Authorizing user access to encrypted files is a separate process
> >> from
> >> sharing files for network access by using share-level security and access
> >> control lists. Because there is no method to issue a certificate for a
> >> group, only individual user accounts can be authorized for access to an
> >> encrypted file. Groups cannot be authorized for access.
> >>
> >> You cannot issue a certificate to a group as certificates must be issued
> >> to
> >> security principles that represent an object that authenticates to the
> >> directory service (e.g users or machines - not groups)
> >>
> >>
> >> --
> >>
> >> Regards,
> >>
> >> Mike
> >> --
> >> Mike Brannigan [Microsoft]
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights
> >>
> >> Please note I cannot respond to e-mailed questions, please use these
> >> newsgroups
> >>
> >> "unicorn" <unicorn@discussions.microsoft.com> wrote in message
> >> news:34631876-5FEC-49AE-B068-0FF98943E54E@microsoft.com...
> >> > Hi,
> >> >
> >> > I need a practical example why the support for the use of groups on
> >> > encrypted files is not provided by EFS. I need this details to enrich
> >> > my
> >> > assignment.
> >> >
> >> > Thanks for your help.
> >> >
> >> > unicorn
> >> >
> >> >
> >>
> >>
> >>
>
>
>
!