Letting Others Open Encrypted Files on a Network Share

Guest

I am having trouble allowing others access to files I (or anyone else, for
that matter) encrypt on our File Server.

A little background information. I am running a W2k3 AD network with one
Domain and two OUs. Each OU has other OUs under them. On one of our File
Servers (running W2k3 Server) we have set up a share that has an encrypted
folder, along with other folders that are not encrypted, to hold files that
contain sensitive information. Permissions for this share include a Group
with full permissions whose members are those authorized to view and
manipulate these files. The idea is to have the user (a member of the Group)
move the file into the encrypted folder once they have processed it, thus
encrypting it. From time to time these encrypted files need to be re-opened
for examination, not only by the one who has encrypted it, but also certain
other members of the Group, and that is where my problem lies. The one who
moved the file into the encrypted folder can open the file, no problem.
However, when that person (the one who moved it there) adds another person
(individuals, not the Group) to the list of those authorized to open the
file, the added person is not able to open the file, they get an Access
Denied message.

I have had each user involved encrypt a file on their PC to set an
encryption certificate and trusted the File Server in question for
delegation. I've had a couple of the users move unencrypted files into this
encrypted folder. The file becomes encrypted and the user who moved it there
can open it, etc. But, when they go to add other users, even though they can
find the other users' certificates and add them, those other users still
cannot open the file, only the one who moved it there in the first place can.
I have tried accessing these files under the Domain Recovery Agent account
and adding users to the files that way, but still no luck.

Is there something that I am missing? Some setting -- or settings -- that
need to be enabled / disabled? Or, can such a thing as I am trying to attempt
even be accomplished? Any help, suggestions, or directions to further
information would be greatly appreciated. Also, if you need more information
on what I am trying to do please let me know.

Thanks!
 
Kerry Brown

tfw said:
I am having trouble allowing others access to files I (or anyone else, for
that matter) encrypt on our File Server.

A little background information. I am running a W2k3 AD network with one
Domain and two OUs. Each OU has other OUs under them. On one of our File
Servers (running W2k3 Server) we have set up a share that has an encrypted
folder, along with other folders that are not encrypted, to hold files that
contain sensitive information. Permissions for this share include a Group
with full permissions whose members are those authorized to view and
manipulate these files. The idea is to have the user (a member of the Group)
move the file into the encrypted folder once they have processed it, thus
encrypting it. From time to time these encrypted files need to be re-opened
for examination, not only by the one who has encrypted it, but also certain
other members of the Group, and that is where my problem lies. The one who
moved the file into the encrypted folder can open the file, no problem.
However, when that person (the one who moved it there) adds another person
(individuals, not the Group) to the list of those authorized to open the
file, the added person is not able to open the file, they get an Access
Denied message.

I have had each user involved encrypt a file on their PC to set an
encryption certificate and trusted the File Server in question for
delegation. I've had a couple of the users move unencrypted files into this
encrypted folder. The file becomes encrypted and the user who moved it there
can open it, etc. But, when they go to add other users, even though they can
find the other users' certificates and add them, those other users still
cannot open the file, only the one who moved it there in the first place can.
I have tried accessing these files under the Domain Recovery Agent account
and adding users to the files that way, but still no luck.

Is there something that I am missing? Some setting -- or settings -- that
need to be enabled / disabled? Or, can such a thing as I am trying to attempt
even be accomplished? Any help, suggestions, or directions to further
information would be greatly appreciated. Also, if you need more information
on what I am trying to do please let me know.

Thanks!

You have to share each file. See the following MS article.

http://support.microsoft.com/default.aspx?scid=kb;en-us;308991&sd=tech

EFS seems to work best if only one user accesses a file. Multiple user
access is complicated and doesn't always work as expected.

Kerry
 
Guest

Kerry Brown said:
You have to share each file. See the following MS article.

http://support.microsoft.com/default.aspx?scid=kb;en-us;308991&sd=tech

EFS seems to work best if only one user accesses a file. Multiple user
access is complicated and doesn't always work as expected.

Kerry

Kerry,

Thanks for the reply, but I do have these permissions set on the Folder
where these encrypted files sit. In fact, I have done everything I could find
that MS says to do to have this sharing, but other users still cannot access
the encrypted files when the one who has placed it has given them permission
per the instructions.

Thanks.
 
