Actually, this is not the case. EFS sharing can be used in the absence of a PKI. The encryptor of the file only needs the certificate of the user they wish to add as an additional encryptor, and the process is quite simple. If specific instructions are needed, I can provide them, but the process is very straightforward and simple. Having said that, it is advisable to have a PKI in place when using EFS, but not because of the desire to add additional encryptors. This applies regardless of whether we're discussing a single machine or multiple machines.
Laura > -----Original Message----- > From: Sebastian "En3pY" Zdrojewski [mailto:[EMAIL PROTECTED] > Sent: Friday, March 03, 2006 1:22 PM > To: [email protected] > Subject: R: Questions regarding EFS > > Actually you cannot use EFS to share information with other > users unless you have PKI services installed on your network. > Unless you decide to install PKI infrastructure on your > network, the encrypted files will be available only on local > system. Copying files and/or folders to targets outside the > local system will cause loss of encryption. > > Sincerely > > En3pY > > > Sebastian Konstanty Zdrojewski > > ________________________________ > > URL: http://www.en3py.net/ > E-Mail: [EMAIL PROTECTED] > > ________________________________ > > Le informazioni contenute in questo messaggio sono riservate > e confidenziali. Il loro utilizzo è consentito esclusivamente > al destinatario del messaggio, per le finalità indicate nel > messaggio stesso. Qualora Lei non fosse la persona a cui il > presente messaggio è destinato, La invito ad eliminarlo dal > Suo Sistema ed a distruggere le varie copie o stampe, dandone > gentilmente comunicazione. Ogni utilizzo improprio è > contrario ai principi del D.lgs 196/03 e alla legislazione > Europea (Direttiva 2002/58/CE). > > -----Messaggio originale----- > Da: Arley Barros Leal [mailto:[EMAIL PROTECTED] > Inviato: giovedì 2 marzo 2006 10.29 > A: Dwight Jones; [email protected] > Oggetto: RE: Questions regarding EFS > > Hi Dwight, > > You may use the command "cipher" to script or command line > efs enc/dec operations. To be able to enc/dec files stored on > remote servers (ie. Trough > shares) you must trust the server for delegation and thus let > the server impersonate your credentials. > > I'm not sure if you can share encrypted files with other > users beside the legitimate certificate owner and the > recovery agent user. Let me know your findings.. > > Cheers, > Arley Silveira. > Sénior Systems Engineer > Cisco VPN/Firewall Specialist, CCNA, MCSE Security MCSA, > MCP+I, Security+, > iNET+, OCP, CIWA > > > > -----Original Message----- > From: Dwight Jones [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 01, 2006 8:50 PM > To: [email protected] > Subject: Questions regarding EFS > > Ok, heres the situation. I already went thru the process of > setting up efs on a 2003 remote server and can access the > files. What I want to know is if it is possible to use the > command line to encrypt, and then give access to the shared > file. I know you use cipher to encrypt/decrypt, but is there > a way to add an additional user to the access list of the > shared encrypted file. > > > > > > > This email and any files transmitted with it are solely > intended for the use of the > addressee(s) and may contain information that is confidential > and privileged. If you receive this email in error, please > advise us by return email immediately. > Please also disregard the contents of the email, delete it > and destroy any copies immediately. > > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 268.1.1/273 - Release > Date: 02/03/2006 > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
