Thursday, March 3, 2016

Which certificate Windows EFS uses to encrypt new files

It's possible to have multiple EFS certificates for one user, which gives that user access to files encrypted with several different keys. The question, then, is which certificate is used to encrypt new files.

The answer is that there's one definitive certificate associated with each user who has EFS files. That certificate is in the system's Trusted People store and is titled with the user's name. When a user looks at the Trusted People store in the Current User scope, the definitive certificate is the one with the user's name that does not have a key on the icon.

Only that certificate is used to encrypt files when the "Encrypt contents to secure data" box is checked or when cipher /e is used. Additional certificates can be granted access to a file with cipher /adduser.
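One way to check this on a given machine, as an added example that is not part of the original post: the script below lists the current user's certificates in the Trusted People and Personal stores, shows whether each has a private key, and flags the one recorded as the current EFS certificate. The registry location it reads (CurrentKeys\CertificateHash) and the helper name Test-EfsCertificate are assumptions of this example, not something the post states.

```powershell
# Added example: audit which certificate EFS will use for new files.
$efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

# Assumption (not from the post): the thumbprint of the user's current EFS
# certificate is stored as binary data in this per-user registry value.
$keyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'
$current = $null
$prop = Get-ItemProperty -Path $keyPath -Name CertificateHash -ErrorAction SilentlyContinue
if ($prop) {
    $current = ($prop.CertificateHash | ForEach-Object { $_.ToString('X2') }) -join ''
}

# Hypothetical helper: true when the certificate carries the EFS EKU.
function Test-EfsCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            return [bool]($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
        }
    }
    return $false   # no EKU extension present
}

# TrustedPeople is the store the post describes; My (Personal) holds the
# copies that have a private key and can therefore decrypt.
$rows = foreach ($store in 'TrustedPeople', 'My') {
    Get-ChildItem -Path "Cert:\CurrentUser\$store" | ForEach-Object {
        [pscustomobject]@{
            Store         = $store
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            HasPrivateKey = $_.HasPrivateKey
            EfsEku        = Test-EfsCertificate $_
            IsCurrent     = [bool]($current -and $_.Thumbprint -eq $current)
        }
    }
}

if (-not $current) { Write-Warning 'No current EFS certificate recorded for this user.' }
$rows | Where-Object { $_.EfsEku -or $_.IsCurrent } | Format-Table -AutoSize
```

If the post's description holds on the machine, the Trusted People row with HasPrivateKey False and IsCurrent True is the certificate used for new files. Running cipher /c on a freshly encrypted file shows the thumbprints that can decrypt it, which gives an independent cross-check.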
