Enable a remote server for file encryption
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To enable a remote server for file encryption
Open Active Directory Users and Computers, locate the remote server computer account.
Right-click the remote server computer account, and then click Properties.
Click the Delegation tab, select the Trust this computer for delegation to specified services only option.
Ensure that Use Kerberos only is selected. Click Add.
Click Users or Computers. Use Select Users or Computers to locate and add the account for a local domain controller.
From the list of available services, select the protectedstorage and the cifs services.
Repeat steps 5, and 6 for each domain controller computer account in the domain.
Once all domain controller computer objects have been added, click OK on the remote computer’s Properties dialog box.
The list must be updated when domain controllers are added or removed from the domain.
To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
When encrypting files on a WebDAV server, the computer does not need to be trusted for delegation.
You cannot configure a computer in another forest for encryption, even if there is a trust relationship established.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.