How can I limit, or constrain, what is delegated in AD and still enable EFS on a remote server?
I have emplemented EFS on a file server and enabled it for delegation in AD. My remote users are abe to RWXD to this EFS-encrypted folder. The question now is how can I limit this delegation? What specific services are required? Though I have found it on numerous sites, I have found one single thread on this topic and it was not conclusive. This is a W2k3 file server in a 2k3 AD domain. The clients accessing this remote EFS-share are only w2k3 servers.
March 24th, 2011 9:58am

Hi, Take a look at this paper http://technet.microsoft.com/en-us/library/bb457116.aspx#EHAA how did you enable the delegation?
Free Windows Admin Tool Kit Click here and download it now
March 26th, 2011 6:25am

I don't think it works with constrained delegation at all. you need the unconstrained so there is no limitation possible. ondrej.
March 26th, 2011 3:58pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics