I've been dealing with a very annoying problem with EFS for the past two days. I've hit a brick wall, so I hope someone can help me figure this out.
I have an Enterprise CA set up in my environment and EFS is configured domain-wide. Users are auto-enrolled in certificates, and that certificate, in turn, is used to encrypt files and folders.
I logged into one of my file servers as the administrator and encrypted a file in one of the folders. NTFS permissions on this folder are set to grant two users full permission. I then changed the advanced encryption settings on the file to allow the two users in question to decrypt the file. I did this by adding their certificates stored in Active Directory.
The problem is that one of the users can open the file and the other user can't. I get "Access Denied". I've looked at and double-checked all configurations, but I can't seem to figure it out. Can you guys look at the snapshots below to see if anything jumps out at you?
The following image shows the cert thumbprint for the user that can't access the file. This image is from the CA that issued the certificate.
As you can see below, on the workstation I'm trying to open/decrypt the file from, the personal store contains the same certificate issued by the CA.