Encrypting File System (EFS)
|
Rather Have Fast and Secure Remote
Control?
|
One last area we need to investigate is how to disable EFS. Quite simply, if not managed properly, EFS could become more of a headache than anything else. Though you might think it would be as simple as changing a checkbox somewhere, unfortunately that’s not the case. It isn’t that hard anyhow, but you need to understand the repercussions of what you’re doing. The way that EFS is disabled is by either removing the recovery agents (which is considered having an empty policy), or by applying no policy at all. Although the two look similar, they are actually different in how they behave. Recovery agent policy settings can be set at the domain, OU and local levels.
| No Policy | Empty Policy | |
| System without domain membership | Disables EFS | Disables EFS |
| System with domain membership | Depends on OU and domain settings | Depends on OU and domain settings |
As far as OU and domain recovery policies are concerned, both ‘no policy’ and an ‘empty policy’ will have different outcomes because of how recovery policy settings are inherited.
Having no policy applied disables policy at whichever level it were set. For example, if you had no policy applied at the domain level, it would only apply to computers at that level, and any lower level policies (such as OU or local policies) would still take effect.
Applying an empty policy at any level disables EFS at that level and all lower levels as well.
As such, if you wanted to disable EFS throughout an entire domain, the easiest way would be to simply remove all recovery agents from the domain-level policy, leaving it empty.
And there it is. EFS, while easy to configure for the user, certainly involves a little more consideration from the System Admin. I hope this article has provided you with a solid overview of EFS, a better understanding of how it actually works, and some important details about how it might impact you in your day-to-day dealings with Windows 2000.
Written by Dan DiNicolo - Visit Website
Next post in Windows 2000:
Managing Windows Servers with Terminal Services
Next post in Security:
Security Configuration and Analysis
Previous post in Windows 2000:
Deploying Scripts Using Group Policy
All Tutorials by Category:
- CCDA Study Guide
- CCNA Study Guide Chapter 01
- CCNA Study Guide Chapter 02
- CCNA Study Guide Chapter 03
- CCNA Study Guide Chapter 04
- CCNA Study Guide Chapter 05
- CCNA Study Guide Chapter 06
- CCNA Study Guide Chapter 07
- CCNA Study Guide Chapter 08
- CCNA Study Guide Chapter 09
- CCNA Study Guide Chapter 10
- CCNA Study Guide Chapter 11
- CCNA Study Guide Chapter 12
- Cognos
- Computer Hardware
A
C
D
E
F
G
H
I
L
M
N
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.
