Q: I regularly use the Encrypting File System (EFS) to encrypt files that are stored on my PC and on file shares (these shares are located on our corporate Windows file servers). Does EFS provide a mechanism to share encrypted files with other users? It would be very handy to give certain colleagues access to my encrypted files on the file shares.
A: Yes, EFS supports encrypted file sharing between different users. EFS file sharing was introduced in Windows XP and Windows Server 2003, and is thus not available for Windows 2000 EFS. It enables a user who has access to an EFS-encrypted file to share it with other users. EFS file sharing can be set up only for individual user accounts, not for group accounts. From an administration point of view, things would certainly have been much simpler if Microsoft had let users share their encrypted files with Windows groups. But because EFS relies on X.509-based certificates that by definition can only be issued to individual users and not groups, this is impossible. Another important limitation is that EFS file sharing can be applied only to individual EFS-encrypted files, and not to EFS-encrypted NTFS folders. Also remember that EFS is only available on the NT File System (NTFS), and not on other Windows file systems such as FAT or FAT32. . . .
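A pre-flight check for the limits listed above, written as an added PowerShell example (it is not part of the original column). It assumes a cipher.exe that supports the /adduser and /c switches; the function name Add-EfsFileUser and the sample paths are hypothetical.

```powershell
# Added example, not from the original column. Function name and sample paths are hypothetical.
# Assumes cipher.exe on this Windows version supports /adduser and /c.
function Add-EfsFileUser {
    param(
        [Parameter(Mandatory)] [string] $Path,     # EFS-encrypted file to share
        [Parameter(Mandatory)] [string] $CertFile  # colleague's exported EFS certificate (.cer)
    )
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    # Sharing applies to individual files, never to folders.
    if ($item.PSIsContainer) { throw "'$Path' is a folder; EFS sharing is per file." }

    # EFS exists only on NTFS. DriveInfo cannot inspect UNC paths, so check local drives only.
    $root = [System.IO.Path]::GetPathRoot($item.FullName)
    if (-not $root.StartsWith('\\')) {
        $fs = [System.IO.DriveInfo]::new($root).DriveFormat
        if ($fs -ne 'NTFS') { throw "Volume $root is $fs; EFS requires NTFS." }
    }

    # Only a file that is already encrypted can be shared.
    if (-not ($item.Attributes -band [System.IO.FileAttributes]::Encrypted)) {
        throw "'$Path' is not EFS-encrypted."
    }

    # Access is granted to one user's X.509 certificate. This check is strict:
    # a certificate without the EFS usage OID in its EKU (or with no EKU) is rejected.
    $efsOid   = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System
    $certPath = (Resolve-Path -LiteralPath $CertFile).ProviderPath
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $eku -or ($eku.EnhancedKeyUsages.Value -notcontains $efsOid)) {
        throw "Certificate '$($cert.Subject)' is not marked for EFS use."
    }

    # Add the colleague's certificate to the file, then list who can decrypt it.
    & cipher.exe /adduser "/certfile:$certPath" $item.FullName
    if ($LASTEXITCODE -ne 0) { throw "cipher /adduser failed with exit code $LASTEXITCODE." }
    & cipher.exe /c $item.FullName
}

# Constructed sample call:
# Add-EfsFileUser -Path 'D:\Reports\budget.xlsx' -CertFile 'C:\Certs\colleague.cer'
```

Because access is granted per certificate and per file, the function has to be run once for each colleague and each file.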

