EFS Adding Names

[Myrt Webb]

I have XP Pro workstations on my Win2000 domain. The XP
workstations are allowed to store EFS encypted files on a
Win2000 server.

When users add other users to be able to open EFS
encypted files they are denied.

The files are secured by IPsec on the network.

What do I need to look at to solve this?

 

[Guest]

Are you saying that users are denied when they try to add other users to
their files? Or, are you saying that added users are getting "Access is
denied" when they try to access the files?

If it's the latter, the Win2000 server may not have the private keys for the
added users. The EFS add-user process for remote files takes place on the
client-side, not the server-side. After you add a user's certificate (public
key) to a file, then the server needs to have the matching private key to
open it for that user. If the added user has a roaming profile, this is not
an issue; the server can get the matching private key from the profile
through AD.

Thanks.
Pat