How can I limit, or constrain, what is delegated in AD and still enable EFS on a remote server?
I have implemented EFS on a file server and enabled it for delegation in AD. My remote users are able to RWXD to this EFS-encrypted folder. The question now is how can I limit this delegation? What specific services are required?
Though I have found it on numerous sites, I have found one single thread on this topic and it was not conclusive.
This is a W2k3 file server in a 2k3 AD domain. The clients accessing this remote EFS-share are only w2k3 servers.
March 24th, 2011 9:58am
Hi,
Take a look at this paper: http://technet.microsoft.com/en-us/library/bb457116.aspx#EHAA
How did you enable the delegation?
March 26th, 2011 6:25am
I don't think it works with constrained delegation at all. You need the unconstrained so there is no limitation possible.
ondrej.
March 26th, 2011 3:58pm