You can't share files that have multiple EFS certificates

Symptoms
Consider the following scenario:
  • You would like users to share files that were encrypted by using multiple Encrypting File System (EFS) certificates. 
  • Users U1 and U2 have valid EFS certificates. 
  • File F1 exists on a computer on which EFS is enabled, and users U1 and U2 have read and write permissions on the file.
  • User U1 follows these steps to encrypt file F1:
    1. Locate file F1 on disk.
    2. Right-click on file F1.
    3. Click Properties.
    4. Click Advanced.
    5. Select Encrypt contents to secure data.
    6. Click OK.
    7. Click Apply.

  • User U1 creates file sharing for file F1 by adding the appropriate EFS certificate for user U2 to file F1. 
  • Users U1 and U2 follow these steps to access file F1: 
    1. Locate file F1 on disk.
    2. Right-click file F1.
    3. Click Properties.
    4. Click Advanced.
    5. Click Details.
    6. Click Add.
    7. Select the user whom you want to add.
    8. Click OK.

  • User U1 or user U2 changes file F1. 

In this scenario, the EFS metadata is not maintained, and only the current user can decrypt the file. However, you expect the EFS metadata to be maintained, so that the user you added in step 7 can still decrypt the file.
Cause
If an application opens and saves a file by using the ReplaceFile() API, and that file was encrypted by using EFS while more than one certificate was present, the resulting file contains only the certificate of the user who saved the file. This behavior is by design.
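The following PowerShell script is an added example for administrators and is not part of the Microsoft article: it snapshots the certificate thumbprints that can decrypt a file (via `cipher.exe /c`), runs an edit, and reports which thumbprints were dropped, so you can check whether a given application saves through ReplaceFile() and loses the shared certificates. It assumes that `cipher.exe` is on the PATH, that its `/c` output labels each decryptor's certificate with a `Certificate thumbprint:` line, and that `[System.IO.File]::Replace` (which calls ReplaceFile()) is an adequate simulation of the saving pattern described above; the file path is a placeholder.

```powershell
# Added example, not Microsoft's code. Assumptions: cipher.exe on PATH; its /c
# output prints a "Certificate thumbprint:" line per user who can decrypt;
# paths below are placeholders.

function Get-EfsCertThumbprints {
    param([Parameter(Mandatory)][string]$Path)
    # cipher /c lists every user who can decrypt the file together with the
    # thumbprint of that user's EFS certificate (hex digits in spaced groups).
    $output = & cipher.exe /c $Path 2>&1
    $thumbprints = foreach ($line in $output) {
        if ($line -match 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)$') {
            ($Matches[1] -replace '\s', '').ToUpperInvariant()
        }
    }
    return @($thumbprints | Sort-Object -Unique)
}

function Test-EfsSharingPreserved {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][scriptblock]$Edit   # the save operation under test
    )
    $before = Get-EfsCertThumbprints -Path $Path
    & $Edit
    $after  = Get-EfsCertThumbprints -Path $Path
    $lost   = @($before | Where-Object { $after -notcontains $_ })
    [pscustomobject]@{
        Path      = $Path
        Before    = $before
        After     = $after
        Lost      = $lost
        Preserved = ($lost.Count -eq 0)
    }
}

# Placeholder path to a file U1 encrypted and shared with U2's certificate.
$file = 'C:\Shared\F1.docx'

# Simulated save: write a temporary copy and swap it in with File.Replace,
# which uses the ReplaceFile() API the article names. Replace this block with
# the real application's save if you are testing that application.
$result = Test-EfsSharingPreserved -Path $file -Edit {
    $tmp = "$file.tmp"
    [System.IO.File]::Copy($file, $tmp, $true)
    Add-Content -Path $tmp -Value 'edited'
    [System.IO.File]::Replace($tmp, $file, $null)
}
$result | Format-List

if (-not $result.Preserved) {
    Write-Warning "Sharing was dropped for thumbprint(s): $($result.Lost -join ', ')"
    # Restore access for each dropped certificate. The certificate must be
    # resolvable from the local stores; otherwise use /certfile:<path> instead.
    foreach ($hash in $result.Lost) {
        & cipher.exe /adduser "/certhash:$hash" $file
    }
}
```

Run the script as a user who holds one of the file's EFS certificates (otherwise `cipher /c` cannot read the metadata). The thumbprints recorded before the edit are the only reliable record of who was shared in, so keep that snapshot if you intend to re-add users afterwards.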
Status
Currently, you can't share files in this way. 
Properties

Article ID: 3118620 - Last Review: 12/02/2015 18:05:00 - Revision: 2.0

Windows 10, Windows Server 2012 R2 Standard, Windows 8.1 Enterprise, Windows Server 2012 Standard, Windows 8 Pro, Windows Server 2008 R2 Enterprise, Windows 7 Professional

  • kbexpertiseadvanced kbsurveynew kbtshoot KB3118620