EFS on file servers:
can’t use groups for access
also appears that you cannot set access on an encrypted folder, only on individual files
user who encrypts the file(s) chooses who has access to the file(s)

for a remote file server to host EFS files, the file server’s computer account in AD must be trusted for delegation.
for encrypted files on a share to be decrypted the file server will need to have a user profile of each user that wants to decrypt and a local copy of their private keys.
the only way on around this is the use of roaming profiles.

there is an EFS command line tool called cipher.exe that i haven’t tried out as of yet…

various info:
http://technet.microsoft.com/en-us/magazine/2006.05.howitworks.aspx

Comments are closed.