Deploy EFS using GPO

From Michael's Information Zone
Revision as of 13:16, 20 June 2016 by Michael.mast (talk | contribs)

This has been a fun ride figuring out what Windows wanted from me in order to make this happen.

Without Using CA Server

What I really needed was a way to deploy EFS using existing servers, knowing that new ones will be brought online within the month, and creating a temporary CA in Windows Server didn't sound like a good idea. I needed to accomplish the following:

  • Enable EFS
  • Push EFS to all users on the domain
  • Only encrypt sensitive files
  • Have a way to decrypt in an emergency (should never be needed, but I get paranoid with data).


1. Open up Group Policy Manager


https://www.youtube.com/watch?v=vUCf4SPDqCQ
https://technet.microsoft.com/en-us/magazine/2007.02.securitywatch.aspx
https://technet.microsoft.com/en-us/magazine/2007.03.securitywatch.aspx
https://mizitechinfo.wordpress.com/2014/07/29/step-by-step-encrypting-user-data-with-efs-in-windows-server-2012-r2/
https://support.microsoft.com/en-us/kb/937536
https://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx