Encrypting File System File Sharing
Windows XP's EFS supports file sharing between multiple users on a single file. This provides an opportunity for data recovery by adding additional users to an encrypted file. Although the use of additional users cannot be enforced through policy or other means, it is a useful and easy method for enabling recovery of encrypted files by multiple users without actually using groups, and without sharing private keys between users.
Once a file has been initially encrypted, file sharing is enabled through a new button in the user interface (UI). A file must be encrypted first and then saved before additional users may be added. After selecting the Advanced Properties of an encrypted file, a user may be added by selecting the Details button. Individual users may add other users (not groups) from the local machine or from the Active Directory, provided the user has a valid certificate for EFS.
Enabling EFS file sharing
Sharing encrypted files using EFS has been supported since Windows 2000 through Win32 application program interfaces, but EFS has not been exposed in the Windows Explorer User Interface until the development of the Windows XP Professional.
How to encrypt a file for multiple users?
- Open Windows Explorer and select the file you want to encrypt
- Right-click the chosen file and select Properties from the context menu.
- Select the Advanced button to enable EFS.
- Encrypt the file by selecting the Encrypt contents to secure data check box and Click OK
If this is the first time this file or folder has been encrypted, a dialog box will appear asking if you would like to encrypt the file only or the folder.- Select the appropriate choice and click OK. This will return you to the original dialog box.
Note : The file is not encrypted until you click OK. Also, additional users may not be added until the file has been encrypted by the first user.- Click OK to encrypt the file.
- Open the file properties again through the Advanced properties button and then select the Details button to add additional users. Once the Details dialog box is open, the add user option will be displayed.
Note : Additional information is available in the Encryption Details dialog box which may be useful for troubleshooting purposes.
Bookmarks