GREGORY

Archived from groups: microsoft.public.windowsxp.security_admin

If a file is encrypted on computer A on a home network, why is it not possible to
view the file on computer B even when the EFS certificate has been installed
on computer B?

I have looked at the Advanced Attributes Details button as per chapter 17 of the
Windows XP Professional Resource Kit and it does not seem possible to select
a user of a different computer without the use of Active Directory. I don't
have Active Directory on my home network.
 
Guest

That's right. ComputerA must be trusted for delegation in an Active
Directory environment in order to allow remote access to its encrypted files.
Through delegation with the user's credentials, ComputerA can decrypt the
files and send them in plaintext over the wire to ComputerB. ComputerB may
have the key, but it can't do the decrypting.

See Delegated Server Mode:
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Thanks.
Pat
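An added example, not part of the original thread: a PowerShell check for the "trusted for delegation" setting the reply above describes, decoding the `userAccountControl` bit that Active Directory sets on such computer accounts. The computer names and values are constructed sample data, and the function names are hypothetical.

```powershell
# Added example. userAccountControl bit values as documented by Microsoft.
$UAC_WORKSTATION_TRUST      = 0x1000    # ordinary domain member computer
$UAC_SERVER_TRUST           = 0x2000    # domain controller
$UAC_TRUSTED_FOR_DELEGATION = 0x80000   # "Trust this computer for delegation"

# Hypothetical helper: true when the delegation bit is set.
function Test-TrustedForDelegation {
    param([Parameter(Mandatory)][int]$UserAccountControl)
    return ($UserAccountControl -band $UAC_TRUSTED_FOR_DELEGATION) -ne 0
}

# Hypothetical helper: one report row per computer account.
function Get-DelegationReport {
    param([Parameter(Mandatory)][object[]]$Computer)
    foreach ($c in $Computer) {
        $uac = [int]$c.UserAccountControl
        [pscustomobject]@{
            Name                 = $c.Name
            TrustedForDelegation = Test-TrustedForDelegation -UserAccountControl $uac
            # Domain controllers carry the delegation bit by default,
            # so they are flagged separately from member servers.
            IsDomainController   = ($uac -band $UAC_SERVER_TRUST) -ne 0
        }
    }
}

# Constructed sample records (not from the thread).
$sample = @(
    [pscustomobject]@{ Name = 'COMPUTERA'; UserAccountControl = 0x81000 }  # member, trusted for delegation
    [pscustomobject]@{ Name = 'COMPUTERB'; UserAccountControl = 0x1000 }   # member, not trusted
    [pscustomobject]@{ Name = 'DC01';      UserAccountControl = 0x82000 }  # domain controller
)

# Member computers that can act with a user's delegated credentials,
# i.e. the ones able to serve EFS-encrypted files to remote clients.
Get-DelegationReport -Computer $sample |
    Where-Object { $_.TrustedForDelegation -and -not $_.IsDomainController } |
    Format-Table -AutoSize
```

In a domain, the same report can be fed from `Get-ADComputer -Filter * -Properties userAccountControl` (ActiveDirectory module) instead of the sample array.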
 

Hiroshi


Hi,

I have a desktop and a laptop, both with Windows XP Pro.
I encrypt files on the laptop and I want to access them
from the desktop over a peer-to-peer network.

I did some searching and found your post.
But it is too obscure for me to understand.

Are you saying it's impossible?

If it's possible, will you tell me exactly how to configure
the machines to enable the viewing?

Thank you.
 
Guest

It's impossible to share encrypted files between computers on a peer-to-peer
network. Sharing encrypted files requires an Active Directory network, the
kind of network most people have at work.

Thanks.
Pat
 

Hiroshi


Well, that clarifies it more than anything I could find anywhere else,
thank you.

But how come I could do it on Windows 2000, and in fact, Windows XP
upgraded from 2000?
Is there any way to put XP into the same mode in which Windows XP
upgraded from Windows 2000 is?
 
Guest

Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
The change in behavior is because of the differences in the security models
of the two operating systems. Windows XP is more secure. There is no way to
make it work in Windows 2000 mode.

Thanks.
Pat
 

Hiroshi


So when Windows XP has been upgraded from Windows 2000, it is
running in a kind of compatibility mode that is less secure
than native XP mode?
Is it a serious insecurity?
I didn't find any mention of this anywhere. Any pointers?

Thanks.
 
Guest

Once you upgrade to Windows XP you are running in the more secure Windows XP
mode. Adding SP2 provides even more security to the system.

BTW, SP2 also includes the "cipher /x" option that you can run in a command
prompt to back up your EFS certificate and key. It creates a .pfx file that
you should store on a floppy for safe-keeping.

Thanks.
Pat
 

Hiroshi


I am confused again.

You wrote:

A: It is impossible to share encrypted files between computers on a
peer-to-peer network in Windows XP.

B: It is possible in Windows 2000.

C: The cause of the different behavior is that Windows 2000 uses a less
secure security model than the one in Windows XP.

D: When you upgrade from Windows 2000 to XP, the security model used
is the more secure XP model.


Fact: It is POSSIBLE to share encrypted files between Windows XP
computers on a peer-to-peer network, if the Windows XP that hosts the
files has been upgraded from Windows 2000.



Now, if an upgraded XP uses the new XP security model, and if the new
XP model is the reason that XP does not allow sharing encrypted files
on a peer-to-peer network, why can I do it on the upgraded XP?

It seems to me that it is either:

1) Windows XP upgraded from Windows 2000 uses the less secure Windows
2000 security model,

2) The new Windows XP security model can allow sharing encrypted files
on a peer-to-peer network,

or

3) The change of security models and the change in behavior in sharing
encrypted files are not related.


What am I missing?

Hiroshi