Do I need AD to use EFS?, part 2

In the answer to the question: Do I need AD to use EFS? I think an important part is missing. The computer must not only be delegated for trust, but must also be able to access the public key of the user to be able to decrypt after receiving the file.

You are correct. The answer was not a tutorial on how to set up this type of storage, but of course the users' EFS public key must be available. This can be accomplished either by using roaming profiles, or by exporting and importing. If no key is available, however, a new EFS certificate may be generated on the server. (This, of course, can be a problem, since the users' local private key will be different than that on the server and now two keys need to be backed up.) If, however, there is no delegation and no key on the server, the file is encrypted locally in a temporary file using the user's EFS public key, then it is sent to the server. When the user next accesses the file, it is downloaded into a temp file and then decrypted using his local keys.

Related Resources

A Computer Weekly buyer's guide to desktop computing 2020 –ComputerWeekly.com
Architecting for the future: The benefits of running Windows workloads on AWS –Amazon Web Services
Architecting for the future: The benefits of running Windows workloads on AWS –Amazon Web Services
Architecting for the future: The benefits of running Windows workloads on AWS –DMI Inc

Dig Deeper on Windows applications

SQL Server encryption features in SQL Server 2014 Learn about SQL Server encryption features and enhancements in SQL 14, including Transparent Data Encryption and encrypting backups.

Can Windows EFS hinder malware detection? A new malware strain leverages the Encrypting File System to thwart forensic analysis. Learn how to handle attacks that involve Windows EFS.

Techniques for performing EFS recovery IT pros face the daunting task of EFS-encrypted data, but Brien Posey offers EFS recovery tricks in this tip.

Powerful trio: BitLocker settings plus EFS and NTFS file encryption Start with BitLocker, then layer on NTFS and EFS, and you’ll have a powerful trio of tools to protect customer data. Phil Cox shows you how.

How to back up encrypted files and how to use the Encrypting File System With data backup security being such a high priority, more organizations are encrypting the contents of their file servers. Although encryption improves security, it can complicate an organization's backup efforts.

Prevent data loss with Encrypting File System (EFS) There is no easy way to recover lost data, but don't let that overwhelm you with the fear of losing important files forever. By being smart and planning ahead, you can save yourself from the headache of lost data in Windows. Learn about some preventative measures in this tip by Brien Posey.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Enterprise Desktop experts

View all Enterprise Desktop questions and answers

Do I need AD to use EFS?, part 2

Dig Deeper on Windows applications

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchVirtualDesktop

Benefits of virtualization highlighted in top 10 stories of 2019

VMware vs. Citrix: VDI security showdown

Understand VDI market shifts from traditional VDI to cloud

SearchWindowsServer

What admins need to know about Azure Stack HCI

How to manage Exchange hybrid mail flow rules

How to repair Windows Server using Windows SFC and DISM

Related Resources

Dig Deeper on Windows applications

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.