Windows 2012 Server File Encryption


BitLocker only protects data at rest.

EFS only uses public/private key encryption - certificates. The certificates may be self-signed and created automatically by Windows (sub-optimal), or you can have your AD CA auto-enroll users for EFS certificates (preferred). CA-issued certificates may be required, unless your usage scenario is very simple. Certificates may also be associated with AD accounts/published in AD. Sharing EFS encrypted data between users is a bit convoluted.

There are also separate Data Recovery Agent (DRA) account/certificates that are not required for EFS to work, but are a good idea to have/configure if you need to decrypt the data in the event you lose access to the account that encrypted the files. By default, the builtin Administrator account may be designated as the DRA.

EFS is very complicated to configure and manage correctly. If you only have a few spreadsheets, you may want to evaluate whether Excel password protection is an option (it should be xlsx, because the older format's password scheme was woefully insecure).


Find some useful links on microsoft.com as follows:

The Encrypting File System

Best practices for the Encrypting File System

Enabling File Encryption
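
An added example, not part of the original answers: a PowerShell audit for the two EFS risks described above, files with no Data Recovery Agent and files only one user can still decrypt. The share path is hypothetical, the sample text is constructed, and the parser assumes the English section headings of `cipher /c` output.

```powershell
# Added example: audit who can still decrypt each EFS file under a share.
# Assumptions: English cipher.exe section headings; the path below is hypothetical.
$SharePath = 'D:\Shares\Finance'

function Get-EfsAccess {
    # Parse the text of `cipher /c <file>` into user and recovery-agent lists.
    param([string[]]$CipherOutput)
    $section = ''
    $users = @(); $agents = @()
    foreach ($raw in $CipherOutput) {
        $line = $raw.Trim()
        if     ($line -like 'Users who can decrypt:*') { $section = 'users' }
        elseif ($line -like 'Recovery Certificates:*') { $section = 'agents' }
        elseif ($line -like 'No recovery certificate*' -or
                $line -like 'Key Information:*')       { $section = '' }
        elseif ($line -eq '' -or
                $line -like 'Certificate thumbprint:*') { }   # not an identity line
        elseif ($section -eq 'users')  { $users  += $line }
        elseif ($section -eq 'agents') { $agents += $line }
    }
    [pscustomobject]@{ Users = $users; RecoveryAgents = $agents }
}

# Constructed sample output (not from a real system) to try the parser offline.
$sample = @'
  Users who can decrypt:
    CONTOSO\alice [alice(alice@CONTOSO)]
    Certificate thumbprint: <constructed>

  No recovery certificate found.

  Key Information:
    Algorithm: AES
'@ -split "`r?`n"
$demo = Get-EfsAccess $sample
"Sample: {0} user(s), {1} recovery agent(s)" -f $demo.Users.Count, $demo.RecoveryAgents.Count

# Live audit: flag files with no DRA or with only one user able to decrypt.
if (Test-Path $SharePath) {
    Get-ChildItem -Path $SharePath -Recurse -File -Attributes Encrypted |
        ForEach-Object {
            $a = Get-EfsAccess (& cipher.exe /c $_.FullName)
            [pscustomobject]@{
                File   = $_.FullName
                Users  = $a.Users.Count
                HasDRA = $a.RecoveryAgents.Count -gt 0
            }
        } | Where-Object { -not $_.HasDRA -or $_.Users -le 1 }
}
```

Running it on a schedule shows when a shared workbook has dropped back to a single user after being edited and saved.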


Author: Acerbity

Updated on September 18, 2022

Comments

  • Acerbity
    Acerbity over 1 year

    I am looking for a solution to encrypt directories/files on a Windows 2012 server.

    Several Excel files will be stored in a share, and I am looking for a solution to encrypt them independently. From what I can tell, BitLocker is not what I am looking for, but EFS might work for me.

    Is there a way to use EFS using only domain credentials for access, or are certificates necessary?

    • Peter Hahndorf
      Peter Hahndorf about 9 years
      If you are using the xlsx format and allow more than one user access to the files, it becomes a pain because after editing, the file is only encrypted for the current user and loses the information about any other users.
  • Acerbity
    Acerbity about 9 years
    Unfortunately there is nothing simple about my situation. Thanks for the info, this is on par with what I had found already.