EFS activation
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
hi all!
I have some laptop's and I want to activate EFS on all.
I can do this from Group Policy without physical access?
This laptops access network occasionally, when I need to install software or
....errors.
I create GP rules for security, software restriction policy ...and it's
successfully aplied.
I don't want to create an Certificates server, only domain administrator is
RA.
10x
Cezar
hi all!
I have some laptop's and I want to activate EFS on all.
I can do this from Group Policy without physical access?
This laptops access network occasionally, when I need to install software or
....errors.
I create GP rules for security, software restriction policy ...and it's
successfully aplied.
I don't want to create an Certificates server, only domain administrator is
RA.
10x
Cezar
More about : efs activation
Archived from groups: microsoft.public.win2000.security (More info?)
oh...sorry...I forget it....laptops are Xp with SP2...and servers w2k3 with
sp1, active directory, dhcp...all works fine
--
Multumesc
Cezar
"Cezar" wrote:
> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator is
> RA.
>
>
> 10x
> Cezar
oh...sorry...I forget it....laptops are Xp with SP2...and servers w2k3 with
sp1, active directory, dhcp...all works fine
--
Multumesc
Cezar
"Cezar" wrote:
> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator is
> RA.
>
>
> 10x
> Cezar
Archived from groups: microsoft.public.win2000.security (More info?)
Hi,
This should help you out plan your EFS deployment.
Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/d...
--
Mike
Microsoft MVP - Windows Security
"Cezar" <Cezar@discussions.microsoft.com> wrote in message
news![:D]( ":D")
6202894-BC82-4E9D-AF7A-EEE433880236@microsoft.com...
> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software
> or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator
> is
> RA.
>
>
> 10x
> Cezar
Hi,
This should help you out plan your EFS deployment.
Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/d...
--
Mike
Microsoft MVP - Windows Security
"Cezar" <Cezar@discussions.microsoft.com> wrote in message
news
6202894-BC82-4E9D-AF7A-EEE433880236@microsoft.com...> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software
> or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator
> is
> RA.
>
>
> 10x
> Cezar
Archived from groups: microsoft.public.win2000.security (More info?)
By default they should all ready be able to use EFS unless you restricted it
with Group Policy or a registry mod on those computers. XP Pro computer do
not require a RA. Be very careful with EFS and be sure to follow best
practices. If the users are already using it and have no RA then their
currently encrypted files will stay without a CA until they open them after
a point in time when new Group Policy is in effect that dictates the RA.
Also keep in mind as long as the users EFS private key is on their computer
their EFS is only as strong as their user password. The first link below
shows how EFS is disabled and enabled for EFS in XP Pro. I would also
encourage users to backup their EFS private key and to keep it separate from
their computer. --- Steve
http://www.petri.co.il/disable_efs_in_windows_xp_2003.h...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices
"Cezar" <Cezar@discussions.microsoft.com> wrote in message
news![:D]( ":D")
6202894-BC82-4E9D-AF7A-EEE433880236@microsoft.com...
> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software
> or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator
> is
> RA.
>
>
> 10x
> Cezar
By default they should all ready be able to use EFS unless you restricted it
with Group Policy or a registry mod on those computers. XP Pro computer do
not require a RA. Be very careful with EFS and be sure to follow best
practices. If the users are already using it and have no RA then their
currently encrypted files will stay without a CA until they open them after
a point in time when new Group Policy is in effect that dictates the RA.
Also keep in mind as long as the users EFS private key is on their computer
their EFS is only as strong as their user password. The first link below
shows how EFS is disabled and enabled for EFS in XP Pro. I would also
encourage users to backup their EFS private key and to keep it separate from
their computer. --- Steve
http://www.petri.co.il/disable_efs_in_windows_xp_2003.h...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices
"Cezar" <Cezar@discussions.microsoft.com> wrote in message
news
6202894-BC82-4E9D-AF7A-EEE433880236@microsoft.com...> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software
> or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator
> is
> RA.
>
>
> 10x
> Cezar
Archived from groups: microsoft.public.win2000.security (More info?)
10x Miha, 10x Steven...
I understand the information from this links but...still I have some
problem...
How I enable folder encryption ( ex. \My documents) on all laptops without
access on them... from... Group Policy?
Maybe with scripts or use chiper utility?
--
Multumesc
Cezar
"Cezar" wrote:
> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator is
> RA.
>
>
> 10x
> Cezar
10x Miha, 10x Steven...
I understand the information from this links but...still I have some
problem...
How I enable folder encryption ( ex. \My documents) on all laptops without
access on them... from... Group Policy?
Maybe with scripts or use chiper utility?
--
Multumesc
Cezar
"Cezar" wrote:
> hi all!
>
> I have some laptop's and I want to activate EFS on all.
> I can do this from Group Policy without physical access?
>
> This laptops access network occasionally, when I need to install software or
> ...errors.
> I create GP rules for security, software restriction policy ...and it's
> successfully aplied.
>
> I don't want to create an Certificates server, only domain administrator is
> RA.
>
>
> 10x
> Cezar
Archived from groups: microsoft.public.win2000.security (More info?)
You could use cipher utility (in e.g. logon script).
--
Mike
Microsoft MVP - Windows Security
"Cezar" <Cezar@discussions.microsoft.com> wrote in message
news:13DC553D-FB7F-4B7C-B471-A80673AB93A2@microsoft.com...
> 10x Miha, 10x Steven...
>
> I understand the information from this links but...still I have some
> problem...
>
> How I enable folder encryption ( ex. \My documents) on all laptops without
> access on them... from... Group Policy?
> Maybe with scripts or use chiper utility?
>
> --
> Multumesc
> Cezar
>
>
> "Cezar" wrote:
>
>> hi all!
>>
>> I have some laptop's and I want to activate EFS on all.
>> I can do this from Group Policy without physical access?
>>
>> This laptops access network occasionally, when I need to install software
>> or
>> ...errors.
>> I create GP rules for security, software restriction policy ...and it's
>> successfully aplied.
>>
>> I don't want to create an Certificates server, only domain administrator
>> is
>> RA.
>>
>>
>> 10x
>> Cezar
You could use cipher utility (in e.g. logon script).
--
Mike
Microsoft MVP - Windows Security
"Cezar" <Cezar@discussions.microsoft.com> wrote in message
news:13DC553D-FB7F-4B7C-B471-A80673AB93A2@microsoft.com...
> 10x Miha, 10x Steven...
>
> I understand the information from this links but...still I have some
> problem...
>
> How I enable folder encryption ( ex. \My documents) on all laptops without
> access on them... from... Group Policy?
> Maybe with scripts or use chiper utility?
>
> --
> Multumesc
> Cezar
>
>
> "Cezar" wrote:
>
>> hi all!
>>
>> I have some laptop's and I want to activate EFS on all.
>> I can do this from Group Policy without physical access?
>>
>> This laptops access network occasionally, when I need to install software
>> or
>> ...errors.
>> I create GP rules for security, software restriction policy ...and it's
>> successfully aplied.
>>
>> I don't want to create an Certificates server, only domain administrator
>> is
>> RA.
>>
>>
>> 10x
>> Cezar
Related ressources:
- ForumEFS and Certificate Services
- ForumHow do I create EFS recovery agents?
- ForumEFS
- Forumencrypted files (NTFS EFS ) on external USB drive
- Forumchanged password and efs
- ForumDRA cannont open EFS files
- ForumEFS Key Restoration from backup file
- ForumEFS , Encrypting File System document missing
- ForumSelf-Signed EFS and AD
- ForumHow to publish EFS Certificate in AD
- ForumEncrypting File System - EFS in Win XP
- Forumbaffled by efs
- ForumEFS question
- ForumEFS error: event id: 6203 on Windows Server 2003
- ForumWeirdness when disable EFS via Group Policy
- ForumEFS folder
- ForumCpu Upgrade re- Activation needed?
- ForumWindows Product Activation
- ForumParallel and com ports not appearing in device manager
- ForumEFS
- More resources
!
