Certificates / PKI

[stevesklar]

Is it possible to configure a Folder on a win2000 server
for PKI and certificate authority ?

We want to config a Folder & the internal files (excel,
word, etc.) to be read on our LAN by certificate holding
people only (2 or 3). No other certificates to anyone
else.

Does this have to be for each file or just the folder?
Is this possible with certificates?

 

[David Cross [MS]]

Do you mean to encrypt the files with a certificate using EFS? Example:
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/recovery/default.asp

You can encrypt files on a individual basis and add users to those files,
see whitepaper link above.

You cannot however require that access to files be based on certificates
only - Windows authentication is based on NTLM, kerberos, etc which can rely
on a smartcard, but the actual authorization is through the kerberos
protocol.

hope that answers your question.

 

[stevesklar]

That would be it. I've been doing reading and just now
catching onto all the concepts, etc.

The only item now that I need to determine is how to setup
the server. There are four options, 2 for standalone and
2 for Domain. Considering my win2k server is part of a
Domain it's narrowed down to 1 of 2 options.

Steve

-----Original Message-----
Do you mean to encrypt the files with a certificate using EFS? Example:
http://www.microsoft.com/WindowsXP/pro/techinfo/administra tion/recovery/default.asp

You can encrypt files on a individual basis and add users to those files,
see whitepaper link above.

You cannot however require that access to files be based on certificates
only - Windows authentication is based on NTLM, kerberos, etc which can rely
on a smartcard, but the actual authorization is through the kerberos
protocol.

hope that answers your question.

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

Is it possible to configure a Folder on a win2000 server
for PKI and certificate authority ?

We want to config a Folder & the internal files (excel,
word, etc.) to be read on our LAN by certificate holding
people only (2 or 3). No other certificates to anyone
else.

Does this have to be for each file or just the folder?
Is this possible with certificates?

.

 

[David Cross [MS]]

some of the papers linked on http://www.microsoft.com/pki should help guide
you or take a look at our best practices paper:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

That would be it. I've been doing reading and just now
catching onto all the concepts, etc.

The only item now that I need to determine is how to setup
the server. There are four options, 2 for standalone and
2 for Domain. Considering my win2k server is part of a
Domain it's narrowed down to 1 of 2 options.

Steve

-----Original Message-----
Do you mean to encrypt the files with a certificate using EFS? Example:
http://www.microsoft.com/WindowsXP/pro/techinfo/administra tion/recovery/default.asp

You can encrypt files on a individual basis and add users to those files,
see whitepaper link above.

You cannot however require that access to files be based on certificates
only - Windows authentication is based on NTLM, kerberos, etc which can rely
on a smartcard, but the actual authorization is through the kerberos
protocol.

hope that answers your question.

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

Is it possible to configure a Folder on a win2000 server
for PKI and certificate authority ?

We want to config a Folder & the internal files (excel,
word, etc.) to be read on our LAN by certificate holding
people only (2 or 3). No other certificates to anyone
else.

Does this have to be for each file or just the folder?
Is this possible with certificates?

.