EFS through Certificates



I would like to be completely in control of recovering users certificates
that they may use for signing email and encrypting files.

But what about the users default ability to encrypt files? How can I stop
this so I issue them user certificates to acheive this? Something about
superseding templates?




In an Active Directory environment, you can disable the ability of end users
to encrypt files by using Group Policy:

Under the Windows Settings - Security Settings - Public Key Policies -
Encrypting File System. Right Click on Encrypting File System and remove the
checkbox from
'Allow users to encrypt files using EFS'.

If not using Active Directory, you can find the same settings in the Local
Security Policy on each computer.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads