Monday, July 23, 2012

WebDAV EFS doesn't work on Windows Server 2008 (R2)?

You may have followed this Technet guide to test Remote EFS on a WebDAV folder, only to find that the encrypted file was either corrupted or not encrypted at all!

In order for EFS to work on WebDAV, you'll need to enable Custom Properties on IIS7. Follow this guide and it works like a charm!

If you're implementing Credential Roaming for EFS certificates, make sure there is sufficient storage on the Domain Controllers. Roaming certificates and keys are stored on DCs and are replicated. Refer to this Technet link for considerations.

Wednesday, July 18, 2012

How to share EFS encrypted file

It's pretty straightforward to encrypt a file on a local drive. Right-click the file, choose "Properties" -> "General" -> "Advanced", and check "Encrypt contents to secure data". This assumes that you have enrolled for an EFS certificate in your user certificate store. Credential roaming works great if you are going to log in to multiple machines.

To share the encrypted file with other users, you have to add their EFS certs to the file before they can access it. On the file that you intend to share, right-click and choose "Properties" -> "General" -> "Advanced" -> "Detail" -> "Add".
Click on "Find User".
Even though you have selected the user, you won't be able to add them yet. You first have to install their EFS cert into the "Other People" store in your personal cert store. Click on "View Certificate" and install the cert to your "Other People" store. Click on the "Add" user button again and you'll now be able to add the cert to the encrypted file.