Hi Everybody, I have misunderstanding about AD CS. So I have installed AD CS and everything are ok for first look. My question is: How to encrypt shared file (with certificate that issued AD CS (it only uses local certificate for encrypting))) on network so that user who have successfully auto enrolled certificate could decrypt that file. When I want add certificate for user in order they could open encrypted file, it doesnt let me choose. "Find User.." check box is grayed-out. . . Thank you in advance. . . .

Hello, Thank you for your post. This is a quick note to let you know that we are performing research on this issue. Best Regards Elytis ChengElytis Cheng TechNet Community Support

Hi, In order to add users from Active Directory to an encrypted file, you have to find the PDC FSMO. If the PDC FSMO can't be found, the Find... button is disabled (greyed out). How to view and transfer FSMO roles in Windows Server 2003 http://support.microsoft.com/kb/324801 Please make sure there is no related policy setting: Computer configuration -> Windows Settings -> Security Settings -> Public Key Policies ->Encrypting File System. You can share encrypted files with other users if you have the certificate for the other user. To allow another user to use a file that you have encrypted, you need to import her certificate onto your computer and add her user name to the list of users who are permitted access to the file. For details: http://sourcedaddy.com/windows-7/how-to-import-personal-certificates.html Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. Hope this helps! Best Regards Elytis ChengElytis Cheng TechNet Community Support

Hi, Thank you for your response. I have verified things that you mentioned and everything is OK so there is no problem with FSMO roles, there is no additional security policy roles assigned to the Computers Settings. "Find Users. . "- this is for adding user certificates, not for user accounts. It doesn't let me find certificates of User that joined "Domain 2008". But I can see all the certificates that was issued to user computers. Could you suggest any source about how to use AD CS for encryption files. There a lot of materials related with creating and issuing certificates but how to use certificates why we need it . . . I want dig into it.

Hi, Could anyone reply to my question . . . . . ?