Sign in with
Sign up | Sign in
Your question

Encrypting File System

Tags:
  • File System
  • Computers
  • Active Directory
  • Windows XP
Last response: in Windows XP
Share
January 17, 2005 4:01:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If a file is encrypted on computer A on home network, why is not possible to
view the file on computer B even when the EFS certificate has been installed
on computer B?

I have looked at Advanced Attributes Details button as per chapter 17 of
Windows XP Professional Resource Kit and it does not seem possible to select
a user of a different computer without the use of active directory. I don't
have active directory on my home network.

More about : encrypting file system

Anonymous
January 17, 2005 5:11:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

That's right. ComputerA must be trusted for delegation in an Active
Directory environment in order to allow remote access to its encrypted files.
Through delegation with the user's credentials, ComputerA can decrypt the
files and send them in plaintext over the wire to ComputerB. ComputerB may
have the key, but it can't do the decrypting.

See Delegated Server Mode:
http://www.microsoft.com/technet/prodtechnol/winxppro/d...

Thanks.
Pat

"Gregory" wrote:

> If a file is encrypted on computer A on home network, why is not possible to
> view the file on computer B even when the EFS certificate has been installed
> on computer B?
>
> I have looked at Advanced Attributes Details button as per chapter 17 of
> Windows XP Professional Resource Kit and it does not seem possible to select
> a user of a different computer without the use of active directory. I don't
> have active directory on my home network.
February 14, 2005 1:15:26 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi,

I have a desktop and a laptop, both with Windows XP Pro.
I encrypt files on the laptop and I want to access them
from the desktop over a peer-to-peer network.

I did some search and found your post.
But it is too obscure for me to understand.

Are you saying it's impossible?

If it's possible, will you tell me exactly how to configure
the machines to enable the viewing?

Thank you.




"=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
> That's right. ComputerA must be trusted for delegation in an Active
> Directory environment in order to allow remote access to its encrypted files.
> Through delegation with the user's credentials, ComputerA can decrypt the
> files and send them in plaintext over the wire to ComputerB. ComputerB may
> have the key, but it can't do the decrypting.
>
> See Delegated Server Mode:
> http://www.microsoft.com/technet/prodtechnol/winxppro/d...
>
> Thanks.
> Pat
>
> "Gregory" wrote:
>
> > If a file is encrypted on computer A on home network, why is not possible to
> > view the file on computer B even when the EFS certificate has been installed
> > on computer B?
> >
> > I have looked at Advanced Attributes Details button as per chapter 17 of
> > Windows XP Professional Resource Kit and it does not seem possible to select
> > a user of a different computer without the use of active directory. I don't
> > have active directory on my home network.
Related resources
Anonymous
February 14, 2005 1:35:33 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

It's impossible to share encrypted files between computers on a peer-to-peer
network. Sharing encrypted files requires an Active Directory network, the
kind of network most people have at work.

Thanks.
Pat

"hiroshi" wrote:

> Hi,
>
> I have a desktop and a laptop, both with Windows XP Pro.
> I encrypt files on the laptop and I want to access them
> from the desktop over a peer-to-peer network.
>
> I did some search and found your post.
> But it is too obscure for me to understand.
>
> Are you saying it's impossible?
>
> If it's possible, will you tell me exactly how to configure
> the machines to enable the viewing?
>
> Thank you.
>
>
>
>
> "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
> > That's right. ComputerA must be trusted for delegation in an Active
> > Directory environment in order to allow remote access to its encrypted files.
> > Through delegation with the user's credentials, ComputerA can decrypt the
> > files and send them in plaintext over the wire to ComputerB. ComputerB may
> > have the key, but it can't do the decrypting.
> >
> > See Delegated Server Mode:
> > http://www.microsoft.com/technet/prodtechnol/winxppro/d...
> >
> > Thanks.
> > Pat
> >
> > "Gregory" wrote:
> >
> > > If a file is encrypted on computer A on home network, why is not possible to
> > > view the file on computer B even when the EFS certificate has been installed
> > > on computer B?
> > >
> > > I have looked at Advanced Attributes Details button as per chapter 17 of
> > > Windows XP Professional Resource Kit and it does not seem possible to select
> > > a user of a different computer without the use of active directory. I don't
> > > have active directory on my home network.
>
February 14, 2005 8:02:23 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Well, that clarifies it more than anything I could find anywhere else,
thank you.

But how come I could do it on Windows 2000, and in fact, Windows XP
upgraded from 2000?
Is there any way to put XP into the same mode in which Windows XP
upgraded from Windows 2000 is?


"=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
> It's impossible to share encrypted files between computers on a peer-to-peer
> network. Sharing encrypted files requires an Active Directory network, the
> kind of network most people have at work.
>
> Thanks.
> Pat
>
> "hiroshi" wrote:
>
> > Hi,
> >
> > I have a desktop and a laptop, both with Windows XP Pro.
> > I encrypt files on the laptop and I want to access them
> > from the desktop over a peer-to-peer network.
> >
> > I did some search and found your post.
> > But it is too obscure for me to understand.
> >
> > Are you saying it's impossible?
> >
> > If it's possible, will you tell me exactly how to configure
> > the machines to enable the viewing?
> >
> > Thank you.
> >
> >
> >
> >
> > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
> > > That's right. ComputerA must be trusted for delegation in an Active
> > > Directory environment in order to allow remote access to its encrypted files.
> > > Through delegation with the user's credentials, ComputerA can decrypt the
> > > files and send them in plaintext over the wire to ComputerB. ComputerB may
> > > have the key, but it can't do the decrypting.
> > >
> > > See Delegated Server Mode:
> > > http://www.microsoft.com/technet/prodtechnol/winxppro/d...
> > >
> > > Thanks.
> > > Pat
> > >
> > > "Gregory" wrote:
> > >
> > > > If a file is encrypted on computer A on home network, why is not possible to
> > > > view the file on computer B even when the EFS certificate has been installed
> > > > on computer B?
> > > >
> > > > I have looked at Advanced Attributes Details button as per chapter 17 of
> > > > Windows XP Professional Resource Kit and it does not seem possible to select
> > > > a user of a different computer without the use of active directory. I don't
> > > > have active directory on my home network.
> >
Anonymous
February 14, 2005 9:53:01 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
The change in behavior is because of the differences in the security models
of the two operating systems. Windows XP is more secure. There is no way to
make it work in Windows 2000 mode.

Thanks.
Pat

"hiroshi" wrote:

> Well, that clarifies it more than anything I could find anywhere else,
> thank you.
>
> But how come I could do it on Windows 2000, and in fact, Windows XP
> upgraded from 2000?
> Is there any way to put XP into the same mode in which Windows XP
> upgraded from Windows 2000 is?
>
>
> "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
> > It's impossible to share encrypted files between computers on a peer-to-peer
> > network. Sharing encrypted files requires an Active Directory network, the
> > kind of network most people have at work.
> >
> > Thanks.
> > Pat
> >
> > "hiroshi" wrote:
> >
> > > Hi,
> > >
> > > I have a desktop and a laptop, both with Windows XP Pro.
> > > I encrypt files on the laptop and I want to access them
> > > from the desktop over a peer-to-peer network.
> > >
> > > I did some search and found your post.
> > > But it is too obscure for me to understand.
> > >
> > > Are you saying it's impossible?
> > >
> > > If it's possible, will you tell me exactly how to configure
> > > the machines to enable the viewing?
> > >
> > > Thank you.
> > >
> > >
> > >
> > >
> > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
> > > > That's right. ComputerA must be trusted for delegation in an Active
> > > > Directory environment in order to allow remote access to its encrypted files.
> > > > Through delegation with the user's credentials, ComputerA can decrypt the
> > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
> > > > have the key, but it can't do the decrypting.
> > > >
> > > > See Delegated Server Mode:
> > > > http://www.microsoft.com/technet/prodtechnol/winxppro/d...
> > > >
> > > > Thanks.
> > > > Pat
> > > >
> > > > "Gregory" wrote:
> > > >
> > > > > If a file is encrypted on computer A on home network, why is not possible to
> > > > > view the file on computer B even when the EFS certificate has been installed
> > > > > on computer B?
> > > > >
> > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
> > > > > Windows XP Professional Resource Kit and it does not seem possible to select
> > > > > a user of a different computer without the use of active directory. I don't
> > > > > have active directory on my home network.
> > >
>
February 15, 2005 12:48:16 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

So when Windows XP has been upgraded from Windows 2000, it is
running in a kind of compatibility mode that is less secure
than native XP mode?
Is it a serious insecurity?
I didn't find any mention of this anywhere. Any pointers?

Thanks.

"=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<956569C9-9B77-4C5B-870B-13F0C2F1F2B3@microsoft.com>...
> Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
> The change in behavior is because of the differences in the security models
> of the two operating systems. Windows XP is more secure. There is no way to
> make it work in Windows 2000 mode.
>
> Thanks.
> Pat
>
> "hiroshi" wrote:
>
> > Well, that clarifies it more than anything I could find anywhere else,
> > thank you.
> >
> > But how come I could do it on Windows 2000, and in fact, Windows XP
> > upgraded from 2000?
> > Is there any way to put XP into the same mode in which Windows XP
> > upgraded from Windows 2000 is?
> >
> >
> > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
> > > It's impossible to share encrypted files between computers on a peer-to-peer
> > > network. Sharing encrypted files requires an Active Directory network, the
> > > kind of network most people have at work.
> > >
> > > Thanks.
> > > Pat
> > >
> > > "hiroshi" wrote:
> > >
> > > > Hi,
> > > >
> > > > I have a desktop and a laptop, both with Windows XP Pro.
> > > > I encrypt files on the laptop and I want to access them
> > > > from the desktop over a peer-to-peer network.
> > > >
> > > > I did some search and found your post.
> > > > But it is too obscure for me to understand.
> > > >
> > > > Are you saying it's impossible?
> > > >
> > > > If it's possible, will you tell me exactly how to configure
> > > > the machines to enable the viewing?
> > > >
> > > > Thank you.
> > > >
> > > >
> > > >
> > > >
> > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
> > > > > That's right. ComputerA must be trusted for delegation in an Active
> > > > > Directory environment in order to allow remote access to its encrypted files.
> > > > > Through delegation with the user's credentials, ComputerA can decrypt the
> > > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
> > > > > have the key, but it can't do the decrypting.
> > > > >
> > > > > See Delegated Server Mode:
> > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/d...
> > > > >
> > > > > Thanks.
> > > > > Pat
> > > > >
> > > > > "Gregory" wrote:
> > > > >
> > > > > > If a file is encrypted on computer A on home network, why is not possible to
> > > > > > view the file on computer B even when the EFS certificate has been installed
> > > > > > on computer B?
> > > > > >
> > > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
> > > > > > Windows XP Professional Resource Kit and it does not seem possible to select
> > > > > > a user of a different computer without the use of active directory. I don't
> > > > > > have active directory on my home network.
> > > >
> >
Anonymous
February 15, 2005 12:47:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Once you upgrade to Windows XP you are running in the more secure Windows XP
mode. Adding SP2 provides even more security to the system.

BTW, SP2 also includes the "cipher /x" option that you can run in a command
prompt to back up your EFS certificate and key. It creates a .pfx file that
you should store on a floppy for safe-keeping.

Thanks.
Pat

"hiroshi" wrote:

> So when Windows XP has been upgraded from Windows 2000, it is
> running in a kind of compatibility mode that is less secure
> than native XP mode?
> Is it a serious insecurity?
> I didn't find any mention of this anywhere. Any pointers?
>
> Thanks.
>
> "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<956569C9-9B77-4C5B-870B-13F0C2F1F2B3@microsoft.com>...
> > Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
> > The change in behavior is because of the differences in the security models
> > of the two operating systems. Windows XP is more secure. There is no way to
> > make it work in Windows 2000 mode.
> >
> > Thanks.
> > Pat
> >
> > "hiroshi" wrote:
> >
> > > Well, that clarifies it more than anything I could find anywhere else,
> > > thank you.
> > >
> > > But how come I could do it on Windows 2000, and in fact, Windows XP
> > > upgraded from 2000?
> > > Is there any way to put XP into the same mode in which Windows XP
> > > upgraded from Windows 2000 is?
> > >
> > >
> > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
> > > > It's impossible to share encrypted files between computers on a peer-to-peer
> > > > network. Sharing encrypted files requires an Active Directory network, the
> > > > kind of network most people have at work.
> > > >
> > > > Thanks.
> > > > Pat
> > > >
> > > > "hiroshi" wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I have a desktop and a laptop, both with Windows XP Pro.
> > > > > I encrypt files on the laptop and I want to access them
> > > > > from the desktop over a peer-to-peer network.
> > > > >
> > > > > I did some search and found your post.
> > > > > But it is too obscure for me to understand.
> > > > >
> > > > > Are you saying it's impossible?
> > > > >
> > > > > If it's possible, will you tell me exactly how to configure
> > > > > the machines to enable the viewing?
> > > > >
> > > > > Thank you.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
> > > > > > That's right. ComputerA must be trusted for delegation in an Active
> > > > > > Directory environment in order to allow remote access to its encrypted files.
> > > > > > Through delegation with the user's credentials, ComputerA can decrypt the
> > > > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
> > > > > > have the key, but it can't do the decrypting.
> > > > > >
> > > > > > See Delegated Server Mode:
> > > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/d...
> > > > > >
> > > > > > Thanks.
> > > > > > Pat
> > > > > >
> > > > > > "Gregory" wrote:
> > > > > >
> > > > > > > If a file is encrypted on computer A on home network, why is not possible to
> > > > > > > view the file on computer B even when the EFS certificate has been installed
> > > > > > > on computer B?
> > > > > > >
> > > > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
> > > > > > > Windows XP Professional Resource Kit and it does not seem possible to select
> > > > > > > a user of a different computer without the use of active directory. I don't
> > > > > > > have active directory on my home network.
> > > > >
> > >
>
February 18, 2005 12:02:30 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I am confused again.

You wrote:

A: It is impossible to share encrypted files between computers on a
peer-to-peer network in Windows XP.

B: It is possible in Windows 2000.

C: The cause of different behavior is that Windows 2000 uses a less
secure security model than the one in Windows XP.

D: When you upgrade from Windows 2000 to XP, the security model used
is the more secure XP model.


Fact: It is POSSIBLE to share encrypted files between Windows XP
computers on a peer-to-peer network, if the Windows XP that hosts the
files has been upgraded from Windows 2000.



Now, if an upgraded XP uses the new XP security model, and if the new
XP model is the reason that XP does not allow sharing encypted files
on a peer-to-peer network, why I can do it on the upgraded XP?

It seems to me that it is either:

1) Windows XP upgraded from Windows 2000 uses the less secure Windows
2000 security model,

2) The new Windows XP security model can allow sharing encrypted files
on a peer-to-peer network,

or

3) The change of security models and the change in behavior in sharing
encrypted files are not related.


What am I missing?

Hiroshi


"=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<A382D1F3-5E09-4B52-B660-EF10DEC9924B@microsoft.com>...
> Once you upgrade to Windows XP you are running in the more secure Windows XP
> mode. Adding SP2 provides even more security to the system.
>
> BTW, SP2 also includes the "cipher /x" option that you can run in a command
> prompt to back up your EFS certificate and key. It creates a .pfx file that
> you should store on a floppy for safe-keeping.
>
> Thanks.
> Pat
>
> "hiroshi" wrote:
>
> > So when Windows XP has been upgraded from Windows 2000, it is
> > running in a kind of compatibility mode that is less secure
> > than native XP mode?
> > Is it a serious insecurity?
> > I didn't find any mention of this anywhere. Any pointers?
> >
> > Thanks.
> >
> > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<956569C9-9B77-4C5B-870B-13F0C2F1F2B3@microsoft.com>...
> > > Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
> > > The change in behavior is because of the differences in the security models
> > > of the two operating systems. Windows XP is more secure. There is no way to
> > > make it work in Windows 2000 mode.
> > >
> > > Thanks.
> > > Pat
> > >
> > > "hiroshi" wrote:
> > >
> > > > Well, that clarifies it more than anything I could find anywhere else,
> > > > thank you.
> > > >
> > > > But how come I could do it on Windows 2000, and in fact, Windows XP
> > > > upgraded from 2000?
> > > > Is there any way to put XP into the same mode in which Windows XP
> > > > upgraded from Windows 2000 is?
> > > >
> > > >
> > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
> > > > > It's impossible to share encrypted files between computers on a peer-to-peer
> > > > > network. Sharing encrypted files requires an Active Directory network, the
> > > > > kind of network most people have at work.
> > > > >
> > > > > Thanks.
> > > > > Pat
> > > > >
> > > > > "hiroshi" wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I have a desktop and a laptop, both with Windows XP Pro.
> > > > > > I encrypt files on the laptop and I want to access them
> > > > > > from the desktop over a peer-to-peer network.
> > > > > >
> > > > > > I did some search and found your post.
> > > > > > But it is too obscure for me to understand.
> > > > > >
> > > > > > Are you saying it's impossible?
> > > > > >
> > > > > > If it's possible, will you tell me exactly how to configure
> > > > > > the machines to enable the viewing?
> > > > > >
> > > > > > Thank you.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
> > > > > > > That's right. ComputerA must be trusted for delegation in an Active
> > > > > > > Directory environment in order to allow remote access to its encrypted files.
> > > > > > > Through delegation with the user's credentials, ComputerA can decrypt the
> > > > > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
> > > > > > > have the key, but it can't do the decrypting.
> > > > > > >
> > > > > > > See Delegated Server Mode:
> > > > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/d...
> > > > > > >
> > > > > > > Thanks.
> > > > > > > Pat
> > > > > > >
> > > > > > > "Gregory" wrote:
> > > > > > >
> > > > > > > > If a file is encrypted on computer A on home network, why is not possible to
> > > > > > > > view the file on computer B even when the EFS certificate has been installed
> > > > > > > > on computer B?
> > > > > > > >
> > > > > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
> > > > > > > > Windows XP Professional Resource Kit and it does not seem possible to select
> > > > > > > > a user of a different computer without the use of active directory. I don't
> > > > > > > > have active directory on my home network.
> > > > > >
> > > >
> >
Anonymous
February 18, 2005 10:56:56 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi, It's easy, visit http://www.dreamflysoft.com and download Cool
File Encryption to help you.
!