AD CS Encryption
Hi Everybody,
I have a misunderstanding about AD CS. I have installed AD CS and everything is OK at first look. My question is: how do I encrypt a shared file on the network (with a certificate issued by AD CS; it only uses a local certificate for encrypting) so that a user who has successfully auto-enrolled a certificate can decrypt that file? When I want to add a certificate for a user so that they can open the encrypted file, it doesn't let me choose. The "Find User.." check box is grayed out.
Thank you in advance.
April 26th, 2012 8:32am
Hello,
Thank you for your post.
This is a quick note to let you know that we are performing research on this issue.
Best Regards
Elytis Cheng
TechNet Community Support
April 27th, 2012 6:18am
Hi,
In order to add users from Active Directory to an encrypted file, you have to find the PDC FSMO. If the PDC FSMO can't be found, the Find... button is disabled (greyed out).
How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/kb/324801
Please make sure there is no related policy setting:
Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies -> Encrypting File System.
You can share encrypted files with other users if you have the certificate for the other user. To allow another user to use a file that you have encrypted, you need to import her certificate onto your computer and add her user name to the list of users who are permitted access to the file.
For details:
http://sourcedaddy.com/windows-7/how-to-import-personal-certificates.html
Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Hope this helps!
Best Regards
Elytis Cheng
TechNet Community Support
April 28th, 2012 3:32am
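As an added example (not part of the reply above and not Microsoft's own code), this PowerShell script checks another user's exported public certificate before granting that user access to an EFS-encrypted file with `cipher /adduser`. The two paths are hypothetical placeholders, and refusing certificates that lack the Encrypting File System EKU is this example's own policy choice.

```powershell
# Added example. $CertFile and $Target are hypothetical placeholder paths.
param(
    [string]$CertFile = 'C:\Temp\colleague-efs.cer',  # other user's exported public certificate
    [string]$Target   = 'C:\Data\report.docx'         # file you have already encrypted with EFS
)

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# Load the public certificate (no private key is needed to grant access).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile

# Collect the EKU OIDs, if the certificate carries an EKU extension at all.
$ekuOids = @()
foreach ($ext in $cert.Extensions) {
    if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
        $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
    }
}

# Example policy: certificate must be inside its validity period and carry the EFS EKU.
$now = Get-Date
$problems = @()
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}
if ($ekuOids -notcontains $EfsOid) {
    $problems += "EFS EKU $EfsOid not present (found: $($ekuOids -join ', '))"
}

if ($problems.Count -gt 0) {
    Write-Error ("Not adding {0}: {1}" -f $cert.Subject, ($problems -join '; '))
    exit 1
}

Write-Host "Adding $($cert.Subject) [thumbprint $($cert.Thumbprint)] to $Target"

# Grant the certificate holder access to the already-encrypted file.
cipher.exe /adduser "/certfile:$CertFile" $Target

# Display the file's encryption details, including who can now decrypt it.
cipher.exe /c $Target
```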
Hi,
Thank you for your response. I have verified the things that you mentioned and everything is OK, so there is no problem with FSMO roles, and there are no additional security policy roles assigned to the Computer Settings. "Find Users.." is for adding user certificates, not for user accounts. It doesn't let me find certificates of users that joined "Domain 2008". But I can see all the certificates that were issued to user computers. Could you suggest any source about how to use AD CS for encrypting files? There are a lot of materials related to creating and issuing certificates, but how to use certificates and why we need them... I want to dig into it.
April 30th, 2012 1:55am
Hi,
Could anyone reply to my question?
May 7th, 2012 8:59am