Encrypting User Data with EFS in Windows Server 2016
A step-by-step guide on how to encrypt user data using Encrypting File System (EFS) in Windows Server 2016, including preparation of domain controllers and configuration details.
microsoft lab
10.3K views ā¢ Jun 28, 2017
About this video
Donate Us : paypal.me/MicrosoftLab
Encrypting User Data with EFS in Windows Server 2016
1. Prepare
- DC21 : Domain Controller, IP 10.0.0.21 | DC22 : Certificates Server, IP 10.0.0.22 | WIN1091, WIN1092 : Domain Member (IP 10.0.0.91, 10.0.0.92)
2. Step by step : Encrypting Data for HiepIT account with EFS
- DC22 : Install "Active Directory Certificate Services"
+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features
- Next to Role Services : Select "Certification Authority" and "Certificate Enrollment Policy Web Service" - Add Features - Install
+ Notifications - Congifure Active Directory Certificate Services on the distination server - Role Service : Select "Certification Authority"
- Setup Type : Enterprise CA - Next to CA Name : Common name for this CA : PNS-CA - Configure
- DC21 : Delete certificate default
+ Server Manager - Tools - Group Policy Management - Default Domain Policy - Editā¦ - Computer Configuration - Policies - Windows Settings
- Security Settings - Public key Policies - Encrypting File System - Delete : Administrator
+ Start - cmd - gpupdate /force
- WIN1091 : logon using HiepIT account. Update policy, Request certificate and create a floder share. Start - cmd - gpupdate /force
+ Create and share a folder named DATA, create a file text named report.txt local drive C:
+ WIN1092 : Logon using VietIT account. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
+ Start - mmc - File - Add/Remove Snap-in...- Certificates - Add - Right-click Personal - All Tasks - Request New Cerfiticateā¦ - Select Basic EFS - Enroll
+ Right-click report.txt - Genernal tab - Advancedā¦ - Check "Encrypt contents to secure data" - Choose " Encrypt the file and its parent folder (recommended)"- OK
- WIN1092 : Logon using VietIT account.
+ Start - cmd - gpupdate /force
+ Start - \\10.0.0.91\DATA - Double-click report.txt === Access is denied
+ Logon using account HiepIT. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
Encrypting User Data with EFS in Windows Server 2016
1. Prepare
- DC21 : Domain Controller, IP 10.0.0.21 | DC22 : Certificates Server, IP 10.0.0.22 | WIN1091, WIN1092 : Domain Member (IP 10.0.0.91, 10.0.0.92)
2. Step by step : Encrypting Data for HiepIT account with EFS
- DC22 : Install "Active Directory Certificate Services"
+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Active Directory Certificate Services" - Add Features
- Next to Role Services : Select "Certification Authority" and "Certificate Enrollment Policy Web Service" - Add Features - Install
+ Notifications - Congifure Active Directory Certificate Services on the distination server - Role Service : Select "Certification Authority"
- Setup Type : Enterprise CA - Next to CA Name : Common name for this CA : PNS-CA - Configure
- DC21 : Delete certificate default
+ Server Manager - Tools - Group Policy Management - Default Domain Policy - Editā¦ - Computer Configuration - Policies - Windows Settings
- Security Settings - Public key Policies - Encrypting File System - Delete : Administrator
+ Start - cmd - gpupdate /force
- WIN1091 : logon using HiepIT account. Update policy, Request certificate and create a floder share. Start - cmd - gpupdate /force
+ Create and share a folder named DATA, create a file text named report.txt local drive C:
+ WIN1092 : Logon using VietIT account. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
+ Start - mmc - File - Add/Remove Snap-in...- Certificates - Add - Right-click Personal - All Tasks - Request New Cerfiticateā¦ - Select Basic EFS - Enroll
+ Right-click report.txt - Genernal tab - Advancedā¦ - Check "Encrypt contents to secure data" - Choose " Encrypt the file and its parent folder (recommended)"- OK
- WIN1092 : Logon using VietIT account.
+ Start - cmd - gpupdate /force
+ Start - \\10.0.0.91\DATA - Double-click report.txt === Access is denied
+ Logon using account HiepIT. Start - \\10.0.0.91\DATA - Double-click report.txt === OK
Video Information
Views
10.3K
Likes
24
Duration
12:32
Published
Jun 28, 2017
User Reviews
3.9
(2) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.