I have been exploring the option of EFS in my environment, specifically onmy organizations file servers. However, I have come across a small snag, at least I believe it to be a snag. I am looking for an encryption mechanism that allows me to control the accessto particular department shares using Active DirectoryGroups as well as encrypt its content. I don't want to have to issue keys/certificates on an individual basis; what I would like to do is issue the key/certificate to a domain group and then simply add or remove users from the group as the control point for access and encryption. Is this even an option with EFS, or does this fundamentaly violate the technical premise of the technology? Everything that I have read to date references users, indiviuals, and users pc's. If EFS is not my guy, does anyone have suggestions about a product that would allow me the functionality described above? Thanks for any input.

> I don't want to have to issue keys/certificates on an individual basis; what I would like to do is issue the key/certificate to a domain group and then simply add or remove users from the group as the control point for access and encryptionyou cannot use EFS without certificates. Also you cannot issue certificates to groups, to principals only users, computers, services. Each principal must have private key to decrypt encrypted files. The next only file owner (who encrypted file) can add other users to share this file with other. And the last when you add new users to access to encrypted file, you can specify ONLY individual user accounts and who has published EFS certificate in AD.Can you explain your requirements? http://www.sysadmins.lv

This is what I thought the response would be. I guess I will need to evaluate a different product such as PGP. Thank you for the response.