Share Files Using Encrypting File System
Encrypting File System File Sharing
Windows XP's EFS supports file sharing between multiple users on a single file. This provides an opportunity for data recovery by adding additional users to an encrypted file. Although the use of additional users cannot be enforced through policy or other means, it is a useful and easy method for enabling recovery of encrypted files by multiple users without actually using groups, and without sharing private keys between users.
Once a file has been initially encrypted, file sharing is enabled through a new button in the user interface (UI). A file must be encrypted first and then saved before additional users may be added. After selecting the Advanced Properties of an encrypted file, a user may be added by selecting the Details button. Individual users may add other users (not groups) from the local machine or from the Active Directory, provided the user has a valid certificate for EFS.
Enabling EFS file sharing
Sharing encrypted files using EFS has been supported since Windows 2000 through the Win32 application programming interfaces, but it was not exposed in the Windows Explorer user interface until Windows XP Professional.
How to encrypt a file for multiple users?
* Open Windows Explorer and select the file you want to encrypt.
* Right-click the chosen file and select Properties from the context menu.
* Select the Advanced button to enable EFS.
* Encrypt the file by selecting the Encrypt contents to secure data check box and click OK.
* If this is the first time this file or folder has been encrypted, a dialog box will appear asking if you would like to encrypt the file only or the folder.
* Select the appropriate choice and click OK. This will return you to the original dialog box.
Note : The file is not encrypted until you click OK. Also, additional users may not be added until the file has been encrypted by the first user.
* Click OK to encrypt the file.
* Open the file properties again through the Advanced properties button and then select the Details button to add additional users. Once the Details dialog box is open, the add user option will be displayed.
Note : Additional information is available in the Encryption Details dialog box which may be useful for troubleshooting purposes.
How to add users?
* Click the Add button
# A new dialog box will be presented showing the existing users and certificates that are cached in the "Other People" certificate store of the local machine. It will also allow new users to be added from the Active Directory by clicking the Find User button.
Note : A user must have a valid EFS certificate in the Active Directory to be added.
# Click the Find User button to find new users
# The standard object picker dialog box will be displayed and a search will be conducted.
A dialog box will display users that hold valid EFS certificates in the Active Directory based on your search criteria. If no valid certificate is found for the given user, a dialog box will be displayed saying "No appropriate Certificates correspond to the selected user".
If valid certificates exist in the userCertificate attribute of the user object in the directory, they will be displayed in the certificate selection dialog box.
Note : Windows XP now performs revocation checking on all certificates for other users when they’re added to an encrypted file. For performance reasons, users that hold a private key are not checked for revocation. However, certificates that do not contain a CDP (Certificate Revocation List Distribution Point) extension (such as those from some third-party CAs) will not be validated for revocation status. If the revocation status check on a certificate fails, one of the messages "An internal certificate chaining error has occured" or "The signature of the certificate cannot be verified." will be shown.
If the revocation status and chain building completed successfully, the user will be added to the dialog box and the file will be updated accordingly.
# Click OK to register the change and continue.
Note : Any user that can decrypt a file can also remove other users—if the user doing the decrypting also has write permission.
Note : EFS has a limit of 256K in the file header for the EFS metadata. This limits the number of individual entries for file sharing that may be added. On average, a maximum of 800 individual users may be added to an encrypted file.
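Because certificates without a CDP extension are added without any revocation check, it is worth reviewing what is cached in the "Other People" store before sharing a file. The following script is an added example, not part of the original article; it assumes PowerShell is installed and that the "Other People" store is the current user's `AddressBook` certificate store.

```powershell
# Added example (not from the original article): audit certificates cached in
# the "Other People" store before using them to share EFS-encrypted files.
# Assumption: "Other People" is the CurrentUser\AddressBook store.
$efsEku  = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage
$cdpOid  = '2.5.29.31'                # CRL Distribution Points extension
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now     = Get-Date

Get-ChildItem Cert:\CurrentUser\AddressBook | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs; a certificate may carry no EKU extension at all.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Without a CDP extension, revocation status is not validated when the
    # certificate is added to an encrypted file.
    $hasCdp = @($cert.Extensions |
        Where-Object { $_.Oid.Value -eq $cdpOid }).Count -gt 0

    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt $now)
        HasEfsEku  = ($ekus -contains $efsEku)
        HasCdp     = $hasCdp
    }
} | Select-Object Subject, Thumbprint, NotAfter, Expired, HasEfsEku, HasCdp |
    Sort-Object HasCdp, Expired |
    Format-Table -AutoSize
```

Rows with `HasCdp` set to False are the certificates whose revocation status cannot be validated, so confirm them with the issuing CA by other means before adding their owners to a file.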
How to view the certificate for information?
You can select a user certificate and view its details before making your administrative decision. To view a certificate, follow these steps:
* Highlight the certificate in the dialog box and click the View Certificate button.
* Click OK to close this dialog box when finished. You will be returned to the previous dialog box within which you can choose the appropriate user to be added to the encrypted file.
* Highlight the selected user certificate that you want to use and click OK.
Now that encryption is so easy, always encrypt your private and crucial data. All the best!
Source : techarena