EFS activation

Archived from groups: microsoft.public.win2000.security

hi all!

I have some laptops and I want to activate EFS on all of them.
Can I do this from Group Policy without physical access?

These laptops access the network occasionally, when I need to install software or
....errors.
I create GP rules for security, software restriction policy ...and it's
successfully applied.

I don't want to create a Certificates server; only the domain administrator is
RA.


10x
Cezar
  1.

    oh...sorry...I forgot....laptops are XP with SP2...and servers W2K3 with
    SP1, Active Directory, DHCP...all works fine
    --
    Thank you
    Cezar
  2.

    Hi,

    This should help you plan your EFS deployment.

    Encrypting File System in Windows XP and Windows Server 2003
    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

    --
    Mike
    Microsoft MVP - Windows Security
  3.

    By default they should already be able to use EFS unless you restricted it
    with Group Policy or a registry mod on those computers. XP Pro computers do
    not require a RA. Be very careful with EFS and be sure to follow best
    practices. If the users are already using it and have no RA then their
    currently encrypted files will stay without a CA until they open them after
    a point in time when new Group Policy is in effect that dictates the RA.
    Also keep in mind as long as the user's EFS private key is on their computer
    their EFS is only as strong as their user password. The first link below
    shows how EFS is disabled and enabled for EFS in XP Pro. I would also
    encourage users to back up their EFS private key and to keep it separate from
    their computer. --- Steve

    http://www.petri.co.il/disable_efs_in_windows_xp_2003.htm
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
    best practices
  4.

    10x Miha, 10x Steven...

    I understand the information from these links but...I still have some
    problem...

    How do I enable folder encryption (e.g. \My Documents) on all laptops without
    access to them... from... Group Policy?
    Maybe with scripts or using the cipher utility?

    --
    Thank you
    Cezar
  5.

    You could use the cipher utility (e.g. in a logon script).

    --
    Mike
    Microsoft MVP - Windows Security
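
The cipher-in-a-logon-script approach suggested above, as an added example that is not part of the original thread: a batch logon script that encrypts the user's document folder once per profile. The folder name (English XP `My Documents`), the marker file and the log file are assumptions; as the earlier reply advises, have the recovery agent policy and key backups in place before it runs.

```bat
@echo off
rem Added example, not from the thread. Assign as a per-user logon script in a GPO
rem (User Configuration > Windows Settings > Scripts > Logon). It must run in the
rem user's context: EFS encrypts with the key of the account that runs cipher.
rem Assumed names: the target folder, marker file and log file below.
setlocal
set "TARGET=%USERPROFILE%\My Documents"
set "MARKER=%APPDATA%\efs-applied.flag"
set "LOG=%APPDATA%\efs-logon.log"

rem Already done for this profile: nothing to do.
if exist "%MARKER%" goto done
if not exist "%TARGET%" goto missing

rem /E encrypt, /A include files (not only folders), /S: recurse from TARGET.
rem New files created in the folder afterwards are encrypted automatically.
echo %DATE% %TIME% encrypting "%TARGET%">>"%LOG%"
cipher /E /A /S:"%TARGET%" >>"%LOG%" 2>&1

rem Assumption: cipher exits non-zero when it could not encrypt something
rem (for example a file that is open). Confirm on a test laptop before rollout.
if errorlevel 1 goto failed

echo %DATE% %TIME% done>"%MARKER%"
goto done

:missing
echo %DATE% %TIME% folder not found: "%TARGET%">>"%LOG%"
goto done

:failed
echo %DATE% %TIME% cipher reported errors, will retry at next logon>>"%LOG%"

:done
endlocal
```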