[unisog] Windows Encrypted File System (EFS)
valenti at msu.edu
Fri Feb 10 15:57:32 GMT 2006
I'm not using EFS yet, but am considering it for some folders.
This example makes me wonder ... here, people continuing logging in to
the domain on off-site laptops (using cached credentials, I think you
call it). Generally the only local account is administrator and they
don't even know the password. Would EFS continue working off-site?
I would think the EFS key chain would also be cached on the laptop.
And am I missing something by not using local accounts on the laptop?
My research led me to believe everything should be done from domain
accounts, and the local accounts secured at installation and basically
On Feb 9, 2006, at 4:43 PM, Stasiniewicz, Adam wrote:
>> Laptop is joined to the domain, and while at work, the user
>> logges into the domain and works on some EFS files (on the laptop),
>> then they log off and take the laptop home. The user will not be
>> able to access their EFS files on the laptop using a local account.
>> Is that true?
> By default yes. But you install a copy of the private key into the
> local user's certificate store to allow access to the EFS files.
More information about the unisog