Deploy EFS using GPO

From Michael's Information Zone
Revision as of 13:16, 20 June 2016 by Michael.mast (talk | contribs) (Created page with "This has been a fun ride figuring out what Windows wanted from me in order to make this happen. <br> ==Without Using CA Server== What I really needed was a way to deploy EFS u...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This has been a fun ride figuring out what Windows wanted from me in order to make this happen.

Without Using CA Server

What I really needed was a way to deploy EFS using existing servers knowing that new ones will be brought online within the month, and creating a temporary CA in Windows Server didn't sound like a good idea. I needed to accomplish the following

  • Enable EFS
  • Push EFS to all users on the domain
  • Only encrypt sensitive files
  • Have a way to decrypt in an emergency (should never be needed, but I get paranoid with data).


1.

  • Open up Group Policy Manager


https://www.youtube.com/watch?v=vUCf4SPDqCQ https://technet.microsoft.com/en-us/magazine/2007.02.securitywatch.aspx https://technet.microsoft.com/en-us/magazine/2007.03.securitywatch.aspx https://mizitechinfo.wordpress.com/2014/07/29/step-by-step-encrypting-user-data-with-efs-in-windows-server-2012-r2/ https://support.microsoft.com/en-us/kb/937536 https://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx

Retrieved from "https://wiki.1701technology.com/index.php?title=Deploy_EFS_using_GPO&oldid=103"