How to prevent users from using EFS encryption in Windows Server 2003?

335 pts.
Tags:
EFS
Encryption
Windows Server 2003
I have two related question regarding Windows Server 2003: 1- How do I prevent users from using EFS encryption? 2- If a file, or a folder, is already encrypted using EFS by a user and the file permissions have been changed to prevent admin from deleting this file, how can the admin recover the encrypted file, as well as keep the contained data?
ASKED: October 14, 2008  6:54 PM
UPDATED: October 22, 2008  11:04 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

The easiest way to prevent users from using EFS encryption is to disable EFS encryption at the group policy level. To do so, open the group policy of choice in the Group Policy Object Editor and then navigate through the console tree to Computer Configuration | Windows Settings | Security Settings | Public Key Policies. Now, right click on the Encrypting File System object, and choose the Properties command from the resulting shortcut menu. In Windows Server 2003 you must clear the Encrypt Files Using Encrypting File System (EFS) check box. In Windows Server 2008, you would select the Don’t allow option.

If you choose to disable EFS encryption through a group policy setting, you must be careful of how you apply this setting. You should apply the setting to a portion of the Active Directory that only applies to desktop workstations. After all, you don’t want to disable EFS encryption on network servers, and depending on the nature of your business, you may also need to leave EFS encryption enabled for mobile users.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following