[unisog] Windows Encrypted File System (EFS)

John Valenti valenti at msu.edu
Fri Feb 10 15:57:32 GMT 2006


I'm not using EFS yet, but am considering it for some folders.

This example makes me wonder ... here, people continue logging in to 
the domain on off-site laptops (using cached credentials, I think you 
call it). Generally the only local account is administrator and they 
don't even know the password.  Would EFS continue working off-site?

I would think the EFS key chain would also be cached on the laptop.

And am I missing something by not using local accounts on the laptop?  
My research led me to believe everything should be done from domain 
accounts, and the local accounts secured at installation and basically 
ignored afterwards.


On Feb 9, 2006, at 4:43 PM, Stasiniewicz, Adam wrote:

>
>> Laptop is joined to the domain, and while at work, the user
>> logs into the domain and works on some EFS files (on the laptop),
>> then they log off and take the laptop home.  The user will not be
>> able to access their EFS files on the laptop using a local account.
>> Is that true?
>>
> By default yes.  But you install a copy of the private key into the
> local user's certificate store to allow access to the EFS files.


