What would be the solution for the case that admin encrypts all data on fileserver and wants only domain users be able to access/decrypt the data? Does admin need to add “domain users” as recovery agent?
In a very small environment where an Admin has to encrypt all files, then yes, we’ll have to add all users to the recovery agent. However, this scenario never has a practical application and you will never find a scenario where an admin has to encrypt all files. Even when such a scenario becomes necessary, you will require the admin to encrypt using a different certificate
@12:09 - can you explain how to use each of the settings in/under "Public Key Policies" ????
@1:58 - can you explain how to modify each template and why/how-to implement for Server 2019 & Windows 10 20H2 ????? -----[ Please & Thanks ]----
Can you explain when to use "Superseded Templates" ???
At the end it still modify on client's computer, if can apply from GPOs directly is the best.
Can you lift the pfx in anyway from the drive?
If dhcp server install what kind of role install previously????
What would be the solution for the case that admin encrypts all data on fileserver and wants only domain users be able to access/decrypt the data? Does admin need to add “domain users” as recovery agent?
In a very small environment where an Admin has to encrypt all files, then yes, we’ll have to add all users to the recovery agent. However, this scenario never has a practical application and you will never find a scenario where an admin has to encrypt all files. Even when such a scenario becomes necessary, you will require the admin to encrypt using a different certificate
thanks