Guest
Is there any way to enforce the usage of the Active Directory published EFS
Certificate instead of creating a new one every time I change a PC?
Here is why:
The first time I use EFS on a PC, it locally generates an EFS Certificate
(i.e. self-signed). I can publish this Certificate in Active Directory so
that other users can enable me to read their encrypted documents - All is
fine.
However, if I change the PC (or work from some other location), the first
time I try to encrypt a file, another/new/different local (self-signed) EFS
Certificate will be created for me.
Now, I thought that PCs (i.e. Windows XP) are smart enough to check the
Active Directory whether there is already a published Certificate and use the
same one instead of creating a new one (local, self-signed).
Or perhaps I should have asked: since there can be only one private key for
each public key (i.e. certificate), is it possible to store (and use as
needed) the private key in Active Directory along with the corresponding
Certificate?