IT tutorials
 
Windows
 

Windows 7 : Encrypting File System (part 2) - How to Grant an Additional User Access to an EFS-encrypted File , How to Import Personal Certificates

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
1/4/2014 8:35:25 PM

3. How to Grant an Additional User Access to an EFS-encrypted File

By default, only the user who encrypted a file is able to access it. However, Windows 7 (as well as Windows Vista, Windows XP, and Windows Server 2003, but not Microsoft Windows 2000) allows you to grant more than one user access to an EFS-encrypted file. This is possible because EFS doesn't encrypt files using the user's personal EFS key; instead, EFS encrypts files with a File Encryption Key (FEK) and then encrypts the FEK with the user's personal EFS key. Therefore, decryption requires two separate keys. However, the FEK key can be encrypted multiple times for different users, and each user can access his or her own encrypted copy of the FEK key to decrypt files.

To allow encrypted files to be shared between users on a computer, perform these steps:

  1. In Windows Explorer, right-click the file, and then click Properties.

  2. On the General tab, click Advanced.

  3. In the Advanced Attributes dialog box, click Details.

    The User Access dialog box appears, showing the users who have access to the file and the users who can act as recovery agents.

  4. Click Add.

    The Encrypting File System dialog box appears and displays a list of users who have logged on to the local computer and who have an EFS certificate. A domain administrator can generate EFS certificates, or Windows 7 will generate one automatically the first time a user encrypts a file.

  5. To add a domain user who is not on the list but who has a valid encryption certificate, click the Find User button. If EFS informs you that no appropriate certificates correspond to the selected user, the user has not been granted an EFS certificate. The user can generate by encrypting a file, or a domain administrator can distribute an EFS certificate to the user.

    Note

    IMPORTING A CERTIFICATE MANUALLY

    If a user has a certificate but you can't find it, you can manually import it. First, have the user export the certificate as described in the previous section. Then, import the certificate as described in the next section.

  6. Select the user that you want to add, and then click OK.

  7. Repeat steps 3–5 to add more users, and then click OK three times.

You cannot share encrypted folders with multiple users, only individual files. In fact, you cannot even share multiple encrypted files in a single action—you must share each individual file. However, you can use the Cipher.exe command-line tool to automate the process of sharing files.

Granting a user EFS access to a file does not override NTFS permissions. Therefore, if a user still lacks the file permissions to access a file, Windows will still prevent that user from accessing a file.

Any users who have access to an EFS-encrypted file can, in turn, grant other users access to the file.

Note

EFS DOESN'T AFFECT SHARING ACROSS A NETWORK

EFS has no effect on sharing files and folders across a network. Therefore, you need to follow these steps only when you want to share a folder with another local user on the same computer.

4. How to Import Personal Certificates

You can share encrypted files with other users if you have the certificate for the other user. To allow another user to use a file that you have encrypted, you need to import the user's certificate onto your computer and add the user's name to the list of users who are permitted access to the file, as described in the previous section.

To import a user certificate, perform these steps:

  1. Click Start, type mmc, and then press Enter to open a blank MMC.

  2. Click File, and then click Add/Remove Snap-in.

  3. Select Certificates and click Add. Select My User Account and click Finish. Click OK to close the Add Or Remove Snap-ins dialog box.

  4. Select Certificates, and then select Trusted People.

  5. Right-click Trusted People. On the All Tasks menu, click Import to open the Certificate Import Wizard.

  6. Click Next and then browse to the location of the certificate you want to import.

  7. Select the certificate and then click Next.

  8. Type the password for the certificate and then click Next.

  9. Click Next to place the certificate in the Trusted People store.

  10. Click Finish to complete the import.

  11. Click OK to acknowledge the successful import, and then exit the MMC.

Now you can grant that user access to EFS-encrypted files.

 
Others
 
- Windows 7 : Encrypting File System (part 1) - How to Encrypt a Folder with EFS, How to Create and Back Up EFS Certificates
- Windows 7 : How to Troubleshoot Authentication Issues (part 3) - How to Troubleshoot an Untrusted Certification Authority
- Windows 7 : How to Troubleshoot Authentication Issues (part 2) - How to Use Auditing to Troubleshoot Authentication Problems
- Windows 7 : How to Troubleshoot Authentication Issues (part 1) - Identifying Logon Restrictions
- Windows 7 : Authenticating Users - How to Use Credential Manager
- Windows 7 : Changing the Default Connection, Managing Multiple Internet Connections
- Windows 7 : Configuring a High-Speed Connection (part 2) - Setting Up a Fixed IP Address
- Windows 7 : Configuring a High-Speed Connection (part 1) - Configuring a PPPoE Broadband Connection, Setting Up Dynamic IP Addressing
- Windows 7 : Installing a Network Adapter for Broadband Service
- Windows Server 2008 : Understanding Group Policy Settings (part 2) - Deploying Applications
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
Facebook
 
Technology FAQ
- IIS Web site works in all browsers except Safari on Mac
- notification
- alternative current in to a pc
- parse url in JavaScript
- Dual WAN on a Fortigate 60
- Should Sys Admins (Domain Admins) also have user accounts?
- DR solution for data warehouse
- C# Creating Plugins
- SCCM 2007 collection by OU not showing all pc's
- Email account got spoofed?
programming4us programming4us