Creating certificates via Active Directory
In order to be able to encrypt and manage a network drive (UNC path) centrally with DriveLock File Protection, some preparations must be made in Active Directory.
Encryption is based on per-user certificates (EFS certificates), which must first be created for each user. Active Directory is the ideal central issuer for these certificates.
Active Directory Certificate Services: Distribute certificates with group policies
An Active Directory-integrated CA can automatically distribute certificates to users or computers via group policies. The following configures auto-enrollment using a duplicated Basis-EFS certificate template, which is used to encrypt folder contents.
The following steps must be performed in the process:
Once user certificates have been created and collected by the DriveLock AD inventory, you can define File Protection users in the DOC. Please note that these certificates can only be collected by DriveLock Agents with version 2024.1 and higher.
You can find a use case here.
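One way to check on a client that auto-enrollment actually delivered a usable EFS certificate to the signed-in user. This is an added example, not part of the DriveLock documentation; the function name `Get-EfsCertificateStatus` and the 30-day warning window are assumptions.

```powershell
# Added example: list EFS-capable certificates in the current user's store
# and flag the ones that are unsuitable for centrally managed encryption.
$EfsOid      = '1.3.6.1.4.1.311.10.3.4'   # EKU: Encrypting File System
$TemplateOid = '1.3.6.1.4.1.311.21.7'     # extension: Certificate Template Information

function Get-EfsCertificateStatus {        # hypothetical helper name
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My',
        [int]$WarnDays = 30                # assumption: renewal warning window
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Read the EKU OIDs straight from the X.509 extension.
        $ekuOids = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
        if ($ekuOids -notcontains $EfsOid) { continue }   # not an EFS certificate

        # First failing condition wins; 'OK' only if every check passes.
        $status = if (-not $cert.HasPrivateKey) { 'NoPrivateKey' }
        elseif ($cert.NotBefore -gt $now)       { 'NotYetValid' }
        elseif ($cert.NotAfter  -lt $now)       { 'Expired' }
        elseif ($cert.Subject -eq $cert.Issuer) { 'SelfSigned' }   # not issued by the CA
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { 'ExpiringSoon' }
        else                                    { 'OK' }

        # Certificates enrolled from a duplicated (v2 or later) template carry the
        # template name in this extension, so the source template can be confirmed.
        $tmpl = $cert.Extensions | Where-Object { $_.Oid.Value -eq $TemplateOid }

        [pscustomobject]@{
            Status     = $status
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Template   = if ($tmpl) { $tmpl.Format($false) } else { '(no template extension)' }
        }
    }
}

# Run as the user after a policy refresh (gpupdate /target:user /force).
Get-EfsCertificateStatus | Format-List
```

A `SelfSigned` result usually means Windows generated its own EFS certificate because no CA-issued one was available when the user first encrypted a file. No output at all means the store holds no certificate with the EFS usage.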