Folder Level EFS permissions (File Server)

June 20th, 2009 - 12:31 pm ET by netsec545
I'm trying to find a simple way to give multiple users access to my EFS
shares on my file server. Manually importing certificates to each of the
thousands of subfiles, is not an option. Is there any way to grant folder
level EFS permissions? Or is it possible to grant security group permissions
using EFS?

I have the following quote from another website...When is this "Future
Release"

Currently, encrypting files and folders to multiple users is not supported.
Additionally, encrypting files or folders is not supported on network shares.
(This functionality will be enabled in a future release.)
Replies

#1 Marcin
June 21st, 2009 - 02:29 pm ET
Starting with Windows XP, it became possible to facilitate access to
encrypted files to multiple users. As far as using EFS to protect file
shares is concerned, this is possible via either delegated server mode or
EFS over WebDAV (starting with Windows Server 2003). For more info, refer to
http://technet.microsoft.com/en-us/....aspx#EJAA

hth
Marcin

"netsec545" wrote in message
news:
> I'm trying to find a simple way to give multiple users access to my EFS
> shares on my file server. Manually importing certificates to each of the
> thousands of subfiles, is not an option. Is there any way to grant folder
> level EFS permissions? Or is it possible to grant security group
> permissions using EFS?
>
> I have the following quote from another website...When is this "Future
> Release"
>
> Currently, encrypting files and folders to multiple users is not
> supported. Additionally, encrypting files or folders is not supported on
> network shares.
> (This functionality will be enabled in a future release.)

#2 netsec545
June 21st, 2009 - 07:03 pm ET
Thanks Marcin, however, the problem is not facilitating access to the
encrypted files. The problem is managing user access once the files are
encrypted. WebDAV will give me the ability to ensure the file remains
encrypted in transit, but that again is not my problem.

I have already enabled encryption via EFS on the file share. Once I enabled
the encryption, all sub-folders and files became encrypted using the
certificate I enabled the encryption with. The file share contains thousands
of files.

I have opted to export the key of the certificate I encrypted the file with,
and install this key on each end user's system which requires access; as well,
I installed the cert into their local profile on the file server. I also
plan on researching credential roaming so I don't have to manually install
the cert into their local cert store on the file server, but have not been
able to update my 2003 schema yet.

The problem I now run into is what if I want to add another certificate to
the file share, and then another. Or, what if a user with a valid
certificate is terminated, how do I remove that certificate from the file
share with thousands of sub-folders/files? Or, what do I do when the
certificate expires and I need to renew it on all the sub-folders/files?

The only way I have found to do this so far is to manually touch every file,
and add/remove the certificates in question. Or, I'm told the cipher command
can script some of this for me, but this is not ideal as it requires a lot of
administrative overhead.

What I need is a GUI interface to manage the certificates at the folder
level, and an option to assign a certificate to a security group, so I can
manage file share access by groups, instead of individuals.

Will this ever be available natively through Windows? It seems like a
fairly easy task to be left out of the EFS infrastructure. Without these
abilities, EFS is essentially useless for the larger enterprise.

Thanks,

Jeremy

"Marcin" wrote:

> Starting with Windows XP, it became possible to facilitate access to
> encrypted files to multiple users. As far as using EFS to protect file
> shares is concerned, this is possible via either delegated server mode or
> EFS over WebDAV (starting with Windows Server 2003). For more info, refer to
> http://technet.microsoft.com/en-us/....aspx#EJAA
>
> hth
> Marcin
>
> "netsec545" wrote in message
> news:
>> I'm trying to find a simple way to give multiple users access to my EFS
>> shares on my file server. Manually importing certificates to each of the
>> thousands of subfiles, is not an option. Is there any way to grant folder
>> level EFS permissions? Or is it possible to grant security group
>> permissions using EFS?
>>
>> I have the following quote from another website...When is this "Future
>> Release"
>>
>> Currently, encrypting files and folders to multiple users is not
>> supported. Additionally, encrypting files or folders is not supported on
>> network shares.
>> (This functionality will be enabled in a future release.)
>
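
The scripted cipher route mentioned in reply #2, as an added example that is not part of the original thread: it adds one certificate to every encrypted file under a folder, confirms the add with `cipher /c`, and only then removes the old certificate, logging a per-file result. The share path, thumbprints and log location are placeholders; it assumes a cipher.exe build that has the `/adduser`, `/removeuser` and `/c` switches, that `cipher /c` prints each recipient's full thumbprint, that the account running it can already decrypt the files, and that the certificate being added is in a store cipher can find by hash.

```powershell
# Added example: rotate EFS certificates across an encrypted share with cipher.exe.
# All default values below are placeholders, not values from the thread.
param(
    [string]$Root             = 'D:\Shares\Example',        # hypothetical share root
    [string]$AddThumbprint    = '<THUMBPRINT-TO-ADD>',      # certificate gaining access
    [string]$RemoveThumbprint = '<THUMBPRINT-TO-REMOVE>',   # certificate losing access
    [string]$LogFile          = (Join-Path $env:TEMP 'efs-rotation.csv')
)

# Thumbprints are often pasted with spaces; compare and pass them without.
$add    = $AddThumbprint    -replace '\s', ''
$remove = $RemoveThumbprint -replace '\s', ''

# True when "cipher /c" lists the thumbprint for the file. Whitespace is stripped
# from the output so the check does not depend on how cipher groups the digits.
function Test-EfsThumbprint([string]$Path, [string]$Thumbprint) {
    $info = (& cipher.exe /c $Path 2>&1 | Out-String) -replace '\s', ''
    return $info.ToUpperInvariant().Contains($Thumbprint.ToUpperInvariant())
}

$results = Get-ChildItem -LiteralPath $Root -Recurse -File -Force |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted } |
    ForEach-Object {
        $path = $_.FullName

        # 1. Add the new certificate first, so a failure never strands the file.
        & cipher.exe /adduser "/certhash:$add" $path 2>&1 | Out-Null
        if (-not (Test-EfsThumbprint $path $add)) {
            return [pscustomobject]@{ Path = $path; Status = 'ADD_FAILED' }
        }

        # 2. Only after the add is confirmed, drop the old certificate.
        & cipher.exe /removeuser "/certhash:$remove" $path 2>&1 | Out-Null
        if (Test-EfsThumbprint $path $remove) {
            return [pscustomobject]@{ Path = $path; Status = 'REMOVE_FAILED' }
        }
        [pscustomobject]@{ Path = $path; Status = 'OK' }
    }

# Keep a per-file record so failures can be retried and the change audited.
$results | Export-Csv -Path $LogFile -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Files reported as `ADD_FAILED` keep their existing recipients untouched, so the run can be repeated after fixing the cause without locking anyone out.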




