Encrypting File System (EFS) Access Denied Error Message Appears when Encrypting

Encrypting File System (EFS) Access Denied Error Message Appears when Encrypting

Applies to Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7.

There are many different reasons that a user might experience an access-denied message. Many of those reasons have to do with access control list (ACL) permissions, network access control permissions and devices, credential presentation errors, and application compatibility errors.

EFS, RSA, and Version 3 templates do not function properly
A specific issue that may arise when you deploy certificates to be used by EFS and using the Rivest-Shamir-Adelman (RSA) algorith on version 3 certificate templates. The Encrypting File System (EFS) only supports the use of the Rivest-Shamir-Adelman (RSA) algorithm on version 2 certificate templates, which only use Cryptography API (CAPI).  EFS only supports Elliptic Curve Diffie-Hellman (ECDH) on version 3 certificate templates, which only use Cryptography Next Generation (CNG).  Version 3 templates are the default when Windows Server 2008, Enterprise certificate templates are used. If you plan to utilize EFS with RSA, be sure to select Windows 2003 Server Enterprise, to get the version 2 template, and use a CAPI Cryptographic Service Provider (CSP).

Resolution
To resolve this issue, deploy EFS certificates that employ the RSA encryption algorithm using version 2 templates: Windows Server 2003 Enterprise.


Leave a Comment
  • Please add 1 and 1 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Maheshkumar S Tiwari edited Original. Comment: Added Tag and minor edit

Page 1 of 1 (1 items)