IT tutorials
 
Windows
 

Windows 7 : Encrypting File System (part 2) - How to Grant an Additional User Access to an EFS-encrypted File , How to Import Personal Certificates

- Windows 10 Product Activation Keys Free 2019
- How to active Windows 8 without product key
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
1/4/2014 8:35:25 PM

3. How to Grant an Additional User Access to an EFS-encrypted File

By default, only the user who encrypted a file is able to access it. However, Windows 7 (as well as Windows Vista, Windows XP, and Windows Server 2003, but not Microsoft Windows 2000) allows you to grant more than one user access to an EFS-encrypted file. This is possible because EFS doesn't encrypt files using the user's personal EFS key; instead, EFS encrypts files with a File Encryption Key (FEK) and then encrypts the FEK with the user's personal EFS key. Therefore, decryption requires two separate keys. However, the FEK key can be encrypted multiple times for different users, and each user can access his or her own encrypted copy of the FEK key to decrypt files.

To allow encrypted files to be shared between users on a computer, perform these steps:

  1. In Windows Explorer, right-click the file, and then click Properties.

  2. On the General tab, click Advanced.

  3. In the Advanced Attributes dialog box, click Details.

    The User Access dialog box appears, showing the users who have access to the file and the users who can act as recovery agents.

  4. Click Add.

    The Encrypting File System dialog box appears and displays a list of users who have logged on to the local computer and who have an EFS certificate. A domain administrator can generate EFS certificates, or Windows 7 will generate one automatically the first time a user encrypts a file.

  5. To add a domain user who is not on the list but who has a valid encryption certificate, click the Find User button. If EFS informs you that no appropriate certificates correspond to the selected user, the user has not been granted an EFS certificate. The user can generate by encrypting a file, or a domain administrator can distribute an EFS certificate to the user.

    Note

    IMPORTING A CERTIFICATE MANUALLY

    If a user has a certificate but you can't find it, you can manually import it. First, have the user export the certificate as described in the previous section. Then, import the certificate as described in the next section.

  6. Select the user that you want to add, and then click OK.

  7. Repeat steps 3–5 to add more users, and then click OK three times.

You cannot share encrypted folders with multiple users, only individual files. In fact, you cannot even share multiple encrypted files in a single action—you must share each individual file. However, you can use the Cipher.exe command-line tool to automate the process of sharing files.

Granting a user EFS access to a file does not override NTFS permissions. Therefore, if a user still lacks the file permissions to access a file, Windows will still prevent that user from accessing a file.

Any users who have access to an EFS-encrypted file can, in turn, grant other users access to the file.

Note

EFS DOESN'T AFFECT SHARING ACROSS A NETWORK

EFS has no effect on sharing files and folders across a network. Therefore, you need to follow these steps only when you want to share a folder with another local user on the same computer.

4. How to Import Personal Certificates

You can share encrypted files with other users if you have the certificate for the other user. To allow another user to use a file that you have encrypted, you need to import the user's certificate onto your computer and add the user's name to the list of users who are permitted access to the file, as described in the previous section.

To import a user certificate, perform these steps:

  1. Click Start, type mmc, and then press Enter to open a blank MMC.

  2. Click File, and then click Add/Remove Snap-in.

  3. Select Certificates and click Add. Select My User Account and click Finish. Click OK to close the Add Or Remove Snap-ins dialog box.

  4. Select Certificates, and then select Trusted People.

  5. Right-click Trusted People. On the All Tasks menu, click Import to open the Certificate Import Wizard.

  6. Click Next and then browse to the location of the certificate you want to import.

  7. Select the certificate and then click Next.

  8. Type the password for the certificate and then click Next.

  9. Click Next to place the certificate in the Trusted People store.

  10. Click Finish to complete the import.

  11. Click OK to acknowledge the successful import, and then exit the MMC.

Now you can grant that user access to EFS-encrypted files.

 
Others
 
- Windows 7 : Encrypting File System (part 1) - How to Encrypt a Folder with EFS, How to Create and Back Up EFS Certificates
- Windows 7 : How to Troubleshoot Authentication Issues (part 3) - How to Troubleshoot an Untrusted Certification Authority
- Windows 7 : How to Troubleshoot Authentication Issues (part 2) - How to Use Auditing to Troubleshoot Authentication Problems
- Windows 7 : How to Troubleshoot Authentication Issues (part 1) - Identifying Logon Restrictions
- Windows 7 : Authenticating Users - How to Use Credential Manager
- Windows 7 : Changing the Default Connection, Managing Multiple Internet Connections
- Windows 7 : Configuring a High-Speed Connection (part 2) - Setting Up a Fixed IP Address
- Windows 7 : Configuring a High-Speed Connection (part 1) - Configuring a PPPoE Broadband Connection, Setting Up Dynamic IP Addressing
- Windows 7 : Installing a Network Adapter for Broadband Service
- Windows Server 2008 : Understanding Group Policy Settings (part 2) - Deploying Applications
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS