I need Hyperion to pull data (photos) from an encrypted volume. I have been looking at EFS. Currently, EFS is not working in our domain due to an expired recovery agent.
Ive read about setting encryption at the folder level in 2008 and using NTFS to limit access and rights (read only vs modify, etc).
I need an encrypted data space (voume, folder, etc) that can be queried by a DB Agent (using a service account of course). We would have to encrypt the data transfer (over the wire), but thats another issue.
Is EFS the solution?
If I enable "domain" EFS by creating recovery agents and such, is EFS then available to anyone with sufficient rights to a file or folder? I am not sure I want it to be a domain "service".
Thank you

Need to support users over the internet? click here try our remote control online beta

It is a recommended best practice to use EFS at the folder level; thus encrypting all objects contained in that folder.
The service account will need an EFS certificate and that certificate will need to be granted access to the encrypted data. Also, NTFS & Share permissions will need to be set allowing the service account access to the folder & files.
When using EFS on a file share, access is allowed when a user has satisfied the following: Share permissions, NTFS permissions, and finally the user's EFS Certificate is granted access.
This link has a lot of great information regarding EFS:

http://technet.microsoft.com/en-us/library/cc700811.aspx


There is an amazing pack of free network admin tools. click here to download it

It is a recommended best practice to use EFS at the folder level; thus encrypting all objects contained in that folder.
The service account will need an EFS certificate and that certificate will need to be granted access to the encrypted data. Also, NTFS & Share permissions will need to be set allowing the service account access to the folder & files.
When using EFS on a file share, access is allowed when a user has satisfied the following: Share permissions, NTFS permissions, and finally the user's EFS Certificate is granted access.
This link has a lot of great information regarding EFS:

http://technet.microsoft.com/en-us/library/cc700811.aspx


There is an amazing pack of free network admin tools. click here to download it

The service account cannot be granted access to the FOLDER, that option isnt available. I am working on exporting and importing certs, but we are in AD and so I have to figure out if the cert used to encrypt was local or CA.

Need to support users over the internet? click here try our remote control online beta