ntds.dit and EFS

jamestulloch

Hi,

Has anyone out there completely encrypted a 2003 DC using EFS, including
the AD database itself?

I have been asked to do this for my client but I am not confident that
it is a good idea. They want to protect themselves if someone walks off
with a DC.

TIA

James
 
Jorge de Almeida Pinto [MVP - DS]

Encrypting system files (NTDS.DIT is one, being the DB for AD) can make
your system unbootable. I'm not even sure if it is supported...

It is not possible to encrypt the NTDS.DIT using EFS as the DB is being used
by the system.

For your issue at this moment you have the following solutions:
* Make sure the DC is placed within a SECURE location
* Place that DC within a virtual machine on a host and then encrypt the
virtual machine files...

Windows Server Longhorn will have a better solution for you, introducing a
Read-Only domain controller.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
