ServersEFS for System Admins Page 3

EFS for System Admins Page 3

ServerWatch Staff
By ServerWatch Staff
Servers

ServerWatch content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.




One last area we need to investigate is how to disable EFS. Quite simply, if not managed properly, EFS could become more of a headache than anything else. Though you might think it would be as simple as changing a checkbox somewhere, unfortunately that’s not the case. It isn’t that hard anyhow, but you need to understand the repercussions of what you’re doing. The way that EFS is disabled is by either removing the recovery agents (which is considered having an empty policy), or by applying no policy at all. Although the two look similar, they are actually different in how they behave. Recovery agent policy settings can be set at the domain, OU and local levels. The table below outlines what happens when you have no policy or an empty policy locally, depending upon whether or not the system is a member of a domain. 

  No Policy Empty Policy
System without domain membership Disables EFS Disables EFS
System with domain membership  Depends on OU and domain settings Depends on OU and domain settings

As far as OU and domain recovery policies are concerned, both ‘no policy’ and an ’empty policy’ will have different outcomes because of how recovery policy settings are inherited. 

7 Having no policy applied disables policy at whichever level it were set. For example, if you had no policy applied at the domain level, it would only apply to computers at that level, and any lower level policies (such as OU or local policies) would still take effect.
7 Applying an empty policy at any level disables EFS at that level and all lower levels as well. 

As such, if you wanted to disable EFS throughout an entire domain, the easiest way would be to simply remove all recovery agents from the domain-level policy, leaving it empty. 

And there it is. EFS, while easy to configure for the user, certainly involves a little more consideration from the System Admin. I hope this article has provided you with a solid overview of
EFS, a better understanding of how it actually works, and some important details about how it might impact you in your day-to-day dealings with Windows 2000. If you have any questions or comments about this article, or ideas about a topic you would like me to write about in the future, please email me at
[email protected]

Until next time,
Dan
http://www.win2000trainer.com

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends & analysis

Latest Posts

Related Stories

ServerWatch is an established resource for technology buyers looking to increase or improve their data center infrastructure. ServerWatch’s reviews, comparisons, tutorials, and guides help readers make informed purchase decisions around the hardware, software, security, management, and monitoring tools they use to innovate for employees and customers.

Advertisers

Advertise with TechnologyAdvice on ServerWatch and our other data and technology-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.