Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, February 27, 2014 11:20 AM
We have an scenario where we need multiple users to store and access files locally on a RDS server, but the administrators cannot ever have access to them, nor reconfigure the system to make this so. The files must be automatically encrypted once they are written to certain folders.
Just to make life more interesting, some users use a small personal SQL database. Their database files must also be subject to the same security arrangements.
I've been looking at EFS, but not sure if it will meet all the requirements. I know I can set the recovery manager to a non admin, but I haven't been able to determine if I can automatically apply the certificates for multiple users based on the files being placed in a specific folder.
All replies (3)
Saturday, March 1, 2014 9:43 AM âś…Answered
Hi,
Encrypting File System (EFS) is a feature of Windows that you can use to store information on your hard disk in an encrypted format. Encryption is the strongest protection that Windows provides to help you keep your information secure.
Some key features of EFS:
Encrypting is simple; just select a check box in the file or folder's properties to turn it on.
You have control over who can read the files.
Files are encrypted when you close them, but are automatically ready to use when you open them.
If you change your mind about encrypting a file, clear the check box in the file's properties.
Please also go through the below links for more helpful information:
Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us
Using Encrypting File System
http://technet.microsoft.com/en-us/library/bb457116.aspx
Regards,
Yan Li
Regards, Yan Li
Thursday, March 6, 2014 2:04 AM
Hi,
Any update about the issue?
Regards,
Yan Li
Regards, Yan Li
Tuesday, October 28, 2014 2:12 PM
Yan, with EFS, can you prevent Domain Administrators and Local Administrators from being able to decrypt the data? I have a requirement for systems used by a team in Luxembourg to be accessible only to them, but I want to host the systems in a datacenter in the US. The requirement is that only the team in Luxembourg has access to the data. I'd like the team in the US to be able to manage the server, patch the OS, etc., but not have access to certain directories.
Is this possible?
Dave-