AFAIK the process for adding more encryptors to the EFS process is more likely the process used to add a "Recovery Agent" for the user, so that if the user account got corrupted, or an administrator forces the user's password (both cases make the encrypted files unrecoverable), the Recovery Agent can recover the information. If I remember well, on XP the default user marked as Recovery Agent is the Administrator user account, while on Server platforms this function is not explicitly defined (that is: no recovery agent is defined for a user's encryption certificate).
I may be wrong, but I am sure I have studied it this way.

Sincerely

En3pY

--
Sebastian `En3pY` Zdrojewski
URL: http://www.en3py.net/
E-Mail: [EMAIL PROTECTED]

-----Original Message-----
From: Laura A. Robinson [mailto:[EMAIL PROTECTED]
Sent: Saturday, 4 March 2006 1:51
To: 'Sebastian "En3pY" Zdrojewski'; [email protected]
Subject: RE: Questions regarding EFS

Actually, this is not the case. EFS sharing can be used in the absence of a PKI. The encryptor of the file only needs the certificate of the user they wish to add as an additional encryptor, and the process is quite simple. If specific instructions are needed, I can provide them, but the process is very straightforward and simple.

Having said that, it is advisable to have a PKI in place when using EFS, but not because of the desire to add additional encryptors. This applies regardless of whether we're discussing a single machine or multiple machines.

Laura

> -----Original Message-----
> From: Sebastian "En3pY" Zdrojewski [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 03, 2006 1:22 PM
> To: [email protected]
> Subject: R: Questions regarding EFS
>
> Actually you cannot use EFS to share information with other users
> unless you have PKI services installed on your network.
> Unless you decide to install PKI infrastructure on your network, the
> encrypted files will be available only on local system. Copying files
> and/or folders to targets outside the local system will cause loss of
> encryption.
>
> Sincerely
>
> En3pY
>
> Sebastian Konstanty Zdrojewski
> URL: http://www.en3py.net/
> E-Mail: [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Arley Barros Leal [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 2 March 2006 10:29
> To: Dwight Jones; [email protected]
> Subject: RE: Questions regarding EFS
>
> Hi Dwight,
>
> You may use the command "cipher" to script or command line efs enc/dec
> operations. To be able to enc/dec files stored on remote servers (i.e.
> through shares) you must trust the server for delegation and thus let
> the server impersonate your credentials.
>
> I'm not sure if you can share encrypted files with other users besides
> the legitimate certificate owner and the recovery agent user. Let me
> know your findings..
>
> Cheers,
> Arley Silveira.
> Senior Systems Engineer
> Cisco VPN/Firewall Specialist, CCNA, MCSE Security MCSA,
> MCP+I, Security+, iNET+, OCP, CIWA
>
> -----Original Message-----
> From: Dwight Jones [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 01, 2006 8:50 PM
> To: [email protected]
> Subject: Questions regarding EFS
>
> Ok, here's the situation. I already went thru the process of setting
> up efs on a 2003 remote server and can access the files. What I want
> to know is if it is possible to use the command line to encrypt, and
> then give access to the shared file. I know you use cipher to
> encrypt/decrypt, but is there a way to add an additional user to the
> access list of the shared encrypted file.
