Encrypting User Data with EFS in Windows Server 2016
A step-by-step guide on how to encrypt user data using Encrypting File System (EFS) in Windows Server 2016, including preparation of domain controllers and configuration details.

microsoft lab
10.3K views ⢠Jun 28, 2017

About this video
Donate Us : paypal.me/MicrosoftLab
Encrypting User Data with EFS in Windows Server 2016
1. Prepare
- DC21 : Domain Controller, IP 10.0.0.21 | DC22 : Certificates Server, IP 10.0.0.22 | WIN1091, WIN1092 : Domain Member (IP 10.0.0.91, 10.0.0.92)
2. Step by step : Encrypting Data for HiepIT account with EFS
- DC22 : Install "Active Directory Certificate Services"
+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features
- Next to Role Services : Select "Certification Authority" and "Certificate Enrollment Policy Web Service" - Add Features - Install
+ Notifications - Congifure Active Directory Certificate Services on the distination server - Role Service : Select "Certification Authority"
- Setup Type : Enterprise CA - Next to CA Name : Common name for this CA : PNS-CA - Configure
- DC21 : Delete certificate default
+ Server Manager - Tools - Group Policy Management - Default Domain Policy - Edit⦠- Computer Configuration - Policies - Windows Settings
- Security Settings - Public key Policies - Encrypting File System - Delete : Administrator
+ Start - cmd - gpupdate /force
- WIN1091 : logon using HiepIT account. Update policy, Request certificate and create a floder share. Start - cmd - gpupdate /force
+ Create and share a folder named DATA, create a file text named report.txt local drive C:
+ WIN1092 : Logon using VietIT account. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
+ Start - mmc - File - Add/Remove Snap-in...- Certificates - Add - Right-click Personal - All Tasks - Request New Cerfiticate⦠- Select Basic EFS - Enroll
+ Right-click report.txt - Genernal tab - Advanced⦠- Check "Encrypt contents to secure data" - Choose " Encrypt the file and its parent folder (recommended)"- OK
- WIN1092 : Logon using VietIT account.
+ Start - cmd - gpupdate /force
+ Start - \\10.0.0.91\DATA - Double-click report.txt === Access is denied
+ Logon using account HiepIT. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
Encrypting User Data with EFS in Windows Server 2016
1. Prepare
- DC21 : Domain Controller, IP 10.0.0.21 | DC22 : Certificates Server, IP 10.0.0.22 | WIN1091, WIN1092 : Domain Member (IP 10.0.0.91, 10.0.0.92)
2. Step by step : Encrypting Data for HiepIT account with EFS
- DC22 : Install "Active Directory Certificate Services"
+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features
- Next to Role Services : Select "Certification Authority" and "Certificate Enrollment Policy Web Service" - Add Features - Install
+ Notifications - Congifure Active Directory Certificate Services on the distination server - Role Service : Select "Certification Authority"
- Setup Type : Enterprise CA - Next to CA Name : Common name for this CA : PNS-CA - Configure
- DC21 : Delete certificate default
+ Server Manager - Tools - Group Policy Management - Default Domain Policy - Edit⦠- Computer Configuration - Policies - Windows Settings
- Security Settings - Public key Policies - Encrypting File System - Delete : Administrator
+ Start - cmd - gpupdate /force
- WIN1091 : logon using HiepIT account. Update policy, Request certificate and create a floder share. Start - cmd - gpupdate /force
+ Create and share a folder named DATA, create a file text named report.txt local drive C:
+ WIN1092 : Logon using VietIT account. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
+ Start - mmc - File - Add/Remove Snap-in...- Certificates - Add - Right-click Personal - All Tasks - Request New Cerfiticate⦠- Select Basic EFS - Enroll
+ Right-click report.txt - Genernal tab - Advanced⦠- Check "Encrypt contents to secure data" - Choose " Encrypt the file and its parent folder (recommended)"- OK
- WIN1092 : Logon using VietIT account.
+ Start - cmd - gpupdate /force
+ Start - \\10.0.0.91\DATA - Double-click report.txt === Access is denied
+ Logon using account HiepIT. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
Video Information
Views
10.3K
Likes
24
Duration
12:32
Published
Jun 28, 2017
User Reviews
3.9
(2) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
No specific trending topics match this video yet.
Explore All Trends