EFS certificate location on Win2k8 R2 domain controller/file server


Hi,

I have the following:

- Win2k8 R2 Standard domain controller/file server (no certification authority on the server or anywhere else; I have 1 server)

- Win7 Pro x64 laptop in workgroup mode (not joined to the domain)

The laptop has a local EFS certificate to encrypt files on the laptop locally.

When I access the file server from the laptop (laptop1), I log in to the file server and put in the domain AD user account testuser1. When I encrypt files, it does not use the local EFS certificate; it seems testuser1 generates a certificate in AD via the SMB protocol, and the certificate gets stored in AD automatically. I don't see a testuser1 EFS certificate installed in MMC -> Certificates on the laptop. I don't have certificates for testuser1 on the laptop.

For the testuser1 EFS certificate: when I use laptop1 to access encrypted files on the file server, is testuser1 getting the certificate in AD via the SMB protocol because I don't have EFS certificates on laptop1 for testuser1?

I did a test on a brand new laptop (laptop2) in workgroup mode (not joined to the AD domain), and when I access the file server using the AD account testuser1, I can access encrypted files encrypted by testuser1. I didn't have to install an EFS certificate for testuser1. As long as I access the file server using the AD username of the user who encrypted the files, I can access the files with no problem. Is the testuser1 EFS certificate getting stored in AD? I can't find it. Is laptop2 getting the testuser1 EFS certificate info via the SMB/CIFS protocol on file sharing?

When I use laptop1 or laptop2 to access the file server via the AD user account 'administrator', I cannot access the encrypted files of testuser1. It seems the testuser1 EFS certificate is stored in AD, but I don't have a 'certificate authority' set up anywhere. Can I see the EFS certificate for testuser1 in AD?

Thanks




To sum up:

I can use a new laptop that's not part of the domain (no EFS certificates), access the file server using the AD user account testuser1, and access encrypted files encrypted by user testuser1 only.

How is this possible? How is it getting the EFS certificate to access the encrypted files of testuser1?





