Encrypting File System

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If a file is encrypted on computer A on home network, why is not possible to
view the file on computer B even when the EFS certificate has been installed
on computer B?

I have looked at Advanced Attributes Details button as per chapter 17 of
Windows XP Professional Resource Kit and it does not seem possible to select
a user of a different computer without the use of active directory. I don't
have active directory on my home network.
9 answers Last reply
More about encrypting file system
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    That's right. ComputerA must be trusted for delegation in an Active
    Directory environment in order to allow remote access to its encrypted files.
    Through delegation with the user's credentials, ComputerA can decrypt the
    files and send them in plaintext over the wire to ComputerB. ComputerB may
    have the key, but it can't do the decrypting.

    See Delegated Server Mode:
    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

    Thanks.
    Pat

    "Gregory" wrote:

    > If a file is encrypted on computer A on home network, why is not possible to
    > view the file on computer B even when the EFS certificate has been installed
    > on computer B?
    >
    > I have looked at Advanced Attributes Details button as per chapter 17 of
    > Windows XP Professional Resource Kit and it does not seem possible to select
    > a user of a different computer without the use of active directory. I don't
    > have active directory on my home network.
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi,

    I have a desktop and a laptop, both with Windows XP Pro.
    I encrypt files on the laptop and I want to access them
    from the desktop over a peer-to-peer network.

    I did some search and found your post.
    But it is too obscure for me to understand.

    Are you saying it's impossible?

    If it's possible, will you tell me exactly how to configure
    the machines to enable the viewing?

    Thank you.


    "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
    > That's right. ComputerA must be trusted for delegation in an Active
    > Directory environment in order to allow remote access to its encrypted files.
    > Through delegation with the user's credentials, ComputerA can decrypt the
    > files and send them in plaintext over the wire to ComputerB. ComputerB may
    > have the key, but it can't do the decrypting.
    >
    > See Delegated Server Mode:
    > http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    >
    > Thanks.
    > Pat
    >
    > "Gregory" wrote:
    >
    > > If a file is encrypted on computer A on home network, why is not possible to
    > > view the file on computer B even when the EFS certificate has been installed
    > > on computer B?
    > >
    > > I have looked at Advanced Attributes Details button as per chapter 17 of
    > > Windows XP Professional Resource Kit and it does not seem possible to select
    > > a user of a different computer without the use of active directory. I don't
    > > have active directory on my home network.
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    It's impossible to share encrypted files between computers on a peer-to-peer
    network. Sharing encrypted files requires an Active Directory network, the
    kind of network most people have at work.

    Thanks.
    Pat

    "hiroshi" wrote:

    > Hi,
    >
    > I have a desktop and a laptop, both with Windows XP Pro.
    > I encrypt files on the laptop and I want to access them
    > from the desktop over a peer-to-peer network.
    >
    > I did some search and found your post.
    > But it is too obscure for me to understand.
    >
    > Are you saying it's impossible?
    >
    > If it's possible, will you tell me exactly how to configure
    > the machines to enable the viewing?
    >
    > Thank you.
    >
    >
    >
    >
    > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
    > > That's right. ComputerA must be trusted for delegation in an Active
    > > Directory environment in order to allow remote access to its encrypted files.
    > > Through delegation with the user's credentials, ComputerA can decrypt the
    > > files and send them in plaintext over the wire to ComputerB. ComputerB may
    > > have the key, but it can't do the decrypting.
    > >
    > > See Delegated Server Mode:
    > > http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    > >
    > > Thanks.
    > > Pat
    > >
    > > "Gregory" wrote:
    > >
    > > > If a file is encrypted on computer A on home network, why is not possible to
    > > > view the file on computer B even when the EFS certificate has been installed
    > > > on computer B?
    > > >
    > > > I have looked at Advanced Attributes Details button as per chapter 17 of
    > > > Windows XP Professional Resource Kit and it does not seem possible to select
    > > > a user of a different computer without the use of active directory. I don't
    > > > have active directory on my home network.
    >
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Well, that clarifies it more than anything I could find anywhere else,
    thank you.

    But how come I could do it on Windows 2000, and in fact, Windows XP
    upgraded from 2000?
    Is there any way to put XP into the same mode in which Windows XP
    upgraded from Windows 2000 is?


    "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
    > It's impossible to share encrypted files between computers on a peer-to-peer
    > network. Sharing encrypted files requires an Active Directory network, the
    > kind of network most people have at work.
    >
    > Thanks.
    > Pat
    >
    > "hiroshi" wrote:
    >
    > > Hi,
    > >
    > > I have a desktop and a laptop, both with Windows XP Pro.
    > > I encrypt files on the laptop and I want to access them
    > > from the desktop over a peer-to-peer network.
    > >
    > > I did some search and found your post.
    > > But it is too obscure for me to understand.
    > >
    > > Are you saying it's impossible?
    > >
    > > If it's possible, will you tell me exactly how to configure
    > > the machines to enable the viewing?
    > >
    > > Thank you.
    > >
    > >
    > >
    > >
    > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
    > > > That's right. ComputerA must be trusted for delegation in an Active
    > > > Directory environment in order to allow remote access to its encrypted files.
    > > > Through delegation with the user's credentials, ComputerA can decrypt the
    > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
    > > > have the key, but it can't do the decrypting.
    > > >
    > > > See Delegated Server Mode:
    > > > http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    > > >
    > > > Thanks.
    > > > Pat
    > > >
    > > > "Gregory" wrote:
    > > >
    > > > > If a file is encrypted on computer A on home network, why is not possible to
    > > > > view the file on computer B even when the EFS certificate has been installed
    > > > > on computer B?
    > > > >
    > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
    > > > > Windows XP Professional Resource Kit and it does not seem possible to select
    > > > > a user of a different computer without the use of active directory. I don't
    > > > > have active directory on my home network.
    > >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
    The change in behavior is because of the differences in the security models
    of the two operating systems. Windows XP is more secure. There is no way to
    make it work in Windows 2000 mode.

    Thanks.
    Pat

    "hiroshi" wrote:

    > Well, that clarifies it more than anything I could find anywhere else,
    > thank you.
    >
    > But how come I could do it on Windows 2000, and in fact, Windows XP
    > upgraded from 2000?
    > Is there any way to put XP into the same mode in which Windows XP
    > upgraded from Windows 2000 is?
    >
    >
    > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
    > > It's impossible to share encrypted files between computers on a peer-to-peer
    > > network. Sharing encrypted files requires an Active Directory network, the
    > > kind of network most people have at work.
    > >
    > > Thanks.
    > > Pat
    > >
    > > "hiroshi" wrote:
    > >
    > > > Hi,
    > > >
    > > > I have a desktop and a laptop, both with Windows XP Pro.
    > > > I encrypt files on the laptop and I want to access them
    > > > from the desktop over a peer-to-peer network.
    > > >
    > > > I did some search and found your post.
    > > > But it is too obscure for me to understand.
    > > >
    > > > Are you saying it's impossible?
    > > >
    > > > If it's possible, will you tell me exactly how to configure
    > > > the machines to enable the viewing?
    > > >
    > > > Thank you.
    > > >
    > > >
    > > >
    > > >
    > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
    > > > > That's right. ComputerA must be trusted for delegation in an Active
    > > > > Directory environment in order to allow remote access to its encrypted files.
    > > > > Through delegation with the user's credentials, ComputerA can decrypt the
    > > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
    > > > > have the key, but it can't do the decrypting.
    > > > >
    > > > > See Delegated Server Mode:
    > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    > > > >
    > > > > Thanks.
    > > > > Pat
    > > > >
    > > > > "Gregory" wrote:
    > > > >
    > > > > > If a file is encrypted on computer A on home network, why is not possible to
    > > > > > view the file on computer B even when the EFS certificate has been installed
    > > > > > on computer B?
    > > > > >
    > > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
    > > > > > Windows XP Professional Resource Kit and it does not seem possible to select
    > > > > > a user of a different computer without the use of active directory. I don't
    > > > > > have active directory on my home network.
    > > >
    >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    So when Windows XP has been upgraded from Windows 2000, it is
    running in a kind of compatibility mode that is less secure
    than native XP mode?
    Is it a serious insecurity?
    I didn't find any mention of this anywhere. Any pointers?

    Thanks.

    "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<956569C9-9B77-4C5B-870B-13F0C2F1F2B3@microsoft.com>...
    > Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
    > The change in behavior is because of the differences in the security models
    > of the two operating systems. Windows XP is more secure. There is no way to
    > make it work in Windows 2000 mode.
    >
    > Thanks.
    > Pat
    >
    > "hiroshi" wrote:
    >
    > > Well, that clarifies it more than anything I could find anywhere else,
    > > thank you.
    > >
    > > But how come I could do it on Windows 2000, and in fact, Windows XP
    > > upgraded from 2000?
    > > Is there any way to put XP into the same mode in which Windows XP
    > > upgraded from Windows 2000 is?
    > >
    > >
    > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
    > > > It's impossible to share encrypted files between computers on a peer-to-peer
    > > > network. Sharing encrypted files requires an Active Directory network, the
    > > > kind of network most people have at work.
    > > >
    > > > Thanks.
    > > > Pat
    > > >
    > > > "hiroshi" wrote:
    > > >
    > > > > Hi,
    > > > >
    > > > > I have a desktop and a laptop, both with Windows XP Pro.
    > > > > I encrypt files on the laptop and I want to access them
    > > > > from the desktop over a peer-to-peer network.
    > > > >
    > > > > I did some search and found your post.
    > > > > But it is too obscure for me to understand.
    > > > >
    > > > > Are you saying it's impossible?
    > > > >
    > > > > If it's possible, will you tell me exactly how to configure
    > > > > the machines to enable the viewing?
    > > > >
    > > > > Thank you.
    > > > >
    > > > >
    > > > >
    > > > >
    > > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
    > > > > > That's right. ComputerA must be trusted for delegation in an Active
    > > > > > Directory environment in order to allow remote access to its encrypted files.
    > > > > > Through delegation with the user's credentials, ComputerA can decrypt the
    > > > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
    > > > > > have the key, but it can't do the decrypting.
    > > > > >
    > > > > > See Delegated Server Mode:
    > > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    > > > > >
    > > > > > Thanks.
    > > > > > Pat
    > > > > >
    > > > > > "Gregory" wrote:
    > > > > >
    > > > > > > If a file is encrypted on computer A on home network, why is not possible to
    > > > > > > view the file on computer B even when the EFS certificate has been installed
    > > > > > > on computer B?
    > > > > > >
    > > > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
    > > > > > > Windows XP Professional Resource Kit and it does not seem possible to select
    > > > > > > a user of a different computer without the use of active directory. I don't
    > > > > > > have active directory on my home network.
    > > > >
    > >
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Once you upgrade to Windows XP you are running in the more secure Windows XP
    mode. Adding SP2 provides even more security to the system.

    BTW, SP2 also includes the "cipher /x" option that you can run in a command
    prompt to back up your EFS certificate and key. It creates a .pfx file that
    you should store on a floppy for safe-keeping.

    Thanks.
    Pat

    "hiroshi" wrote:

    > So when Windows XP has been upgraded from Windows 2000, it is
    > running in a kind of compatibility mode that is less secure
    > than native XP mode?
    > Is it a serious insecurity?
    > I didn't find any mention of this anywhere. Any pointers?
    >
    > Thanks.
    >
    > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<956569C9-9B77-4C5B-870B-13F0C2F1F2B3@microsoft.com>...
    > > Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
    > > The change in behavior is because of the differences in the security models
    > > of the two operating systems. Windows XP is more secure. There is no way to
    > > make it work in Windows 2000 mode.
    > >
    > > Thanks.
    > > Pat
    > >
    > > "hiroshi" wrote:
    > >
    > > > Well, that clarifies it more than anything I could find anywhere else,
    > > > thank you.
    > > >
    > > > But how come I could do it on Windows 2000, and in fact, Windows XP
    > > > upgraded from 2000?
    > > > Is there any way to put XP into the same mode in which Windows XP
    > > > upgraded from Windows 2000 is?
    > > >
    > > >
    > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
    > > > > It's impossible to share encrypted files between computers on a peer-to-peer
    > > > > network. Sharing encrypted files requires an Active Directory network, the
    > > > > kind of network most people have at work.
    > > > >
    > > > > Thanks.
    > > > > Pat
    > > > >
    > > > > "hiroshi" wrote:
    > > > >
    > > > > > Hi,
    > > > > >
    > > > > > I have a desktop and a laptop, both with Windows XP Pro.
    > > > > > I encrypt files on the laptop and I want to access them
    > > > > > from the desktop over a peer-to-peer network.
    > > > > >
    > > > > > I did some search and found your post.
    > > > > > But it is too obscure for me to understand.
    > > > > >
    > > > > > Are you saying it's impossible?
    > > > > >
    > > > > > If it's possible, will you tell me exactly how to configure
    > > > > > the machines to enable the viewing?
    > > > > >
    > > > > > Thank you.
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
    > > > > > > That's right. ComputerA must be trusted for delegation in an Active
    > > > > > > Directory environment in order to allow remote access to its encrypted files.
    > > > > > > Through delegation with the user's credentials, ComputerA can decrypt the
    > > > > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
    > > > > > > have the key, but it can't do the decrypting.
    > > > > > >
    > > > > > > See Delegated Server Mode:
    > > > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    > > > > > >
    > > > > > > Thanks.
    > > > > > > Pat
    > > > > > >
    > > > > > > "Gregory" wrote:
    > > > > > >
    > > > > > > > If a file is encrypted on computer A on home network, why is not possible to
    > > > > > > > view the file on computer B even when the EFS certificate has been installed
    > > > > > > > on computer B?
    > > > > > > >
    > > > > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
    > > > > > > > Windows XP Professional Resource Kit and it does not seem possible to select
    > > > > > > > a user of a different computer without the use of active directory. I don't
    > > > > > > > have active directory on my home network.
    > > > > >
    > > >
    >
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I am confused again.

    You wrote:

    A: It is impossible to share encrypted files between computers on a
    peer-to-peer network in Windows XP.

    B: It is possible in Windows 2000.

    C: The cause of different behavior is that Windows 2000 uses a less
    secure security model than the one in Windows XP.

    D: When you upgrade from Windows 2000 to XP, the security model used
    is the more secure XP model.


    Fact: It is POSSIBLE to share encrypted files between Windows XP
    computers on a peer-to-peer network, if the Windows XP that hosts the
    files has been upgraded from Windows 2000.


    Now, if an upgraded XP uses the new XP security model, and if the new
    XP model is the reason that XP does not allow sharing encypted files
    on a peer-to-peer network, why I can do it on the upgraded XP?

    It seems to me that it is either:

    1) Windows XP upgraded from Windows 2000 uses the less secure Windows
    2000 security model,

    2) The new Windows XP security model can allow sharing encrypted files
    on a peer-to-peer network,

    or

    3) The change of security models and the change in behavior in sharing
    encrypted files are not related.


    What am I missing?

    Hiroshi


    "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<A382D1F3-5E09-4B52-B660-EF10DEC9924B@microsoft.com>...
    > Once you upgrade to Windows XP you are running in the more secure Windows XP
    > mode. Adding SP2 provides even more security to the system.
    >
    > BTW, SP2 also includes the "cipher /x" option that you can run in a command
    > prompt to back up your EFS certificate and key. It creates a .pfx file that
    > you should store on a floppy for safe-keeping.
    >
    > Thanks.
    > Pat
    >
    > "hiroshi" wrote:
    >
    > > So when Windows XP has been upgraded from Windows 2000, it is
    > > running in a kind of compatibility mode that is less secure
    > > than native XP mode?
    > > Is it a serious insecurity?
    > > I didn't find any mention of this anywhere. Any pointers?
    > >
    > > Thanks.
    > >
    > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<956569C9-9B77-4C5B-870B-13F0C2F1F2B3@microsoft.com>...
    > > > Yes, sharing encrypted files on a workgroup was possible in Windows 2000.
    > > > The change in behavior is because of the differences in the security models
    > > > of the two operating systems. Windows XP is more secure. There is no way to
    > > > make it work in Windows 2000 mode.
    > > >
    > > > Thanks.
    > > > Pat
    > > >
    > > > "hiroshi" wrote:
    > > >
    > > > > Well, that clarifies it more than anything I could find anywhere else,
    > > > > thank you.
    > > > >
    > > > > But how come I could do it on Windows 2000, and in fact, Windows XP
    > > > > upgraded from 2000?
    > > > > Is there any way to put XP into the same mode in which Windows XP
    > > > > upgraded from Windows 2000 is?
    > > > >
    > > > >
    > > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<55365787-CFBB-49CC-92DA-7F4E930D4572@microsoft.com>...
    > > > > > It's impossible to share encrypted files between computers on a peer-to-peer
    > > > > > network. Sharing encrypted files requires an Active Directory network, the
    > > > > > kind of network most people have at work.
    > > > > >
    > > > > > Thanks.
    > > > > > Pat
    > > > > >
    > > > > > "hiroshi" wrote:
    > > > > >
    > > > > > > Hi,
    > > > > > >
    > > > > > > I have a desktop and a laptop, both with Windows XP Pro.
    > > > > > > I encrypt files on the laptop and I want to access them
    > > > > > > from the desktop over a peer-to-peer network.
    > > > > > >
    > > > > > > I did some search and found your post.
    > > > > > > But it is too obscure for me to understand.
    > > > > > >
    > > > > > > Are you saying it's impossible?
    > > > > > >
    > > > > > > If it's possible, will you tell me exactly how to configure
    > > > > > > the machines to enable the viewing?
    > > > > > >
    > > > > > > Thank you.
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > > "=?Utf-8?B?UGF0IEhvZmZlciBbTVNGVF0=?=" <pathoff@online.microsoft.com> wrote in message news:<622C1CF1-339C-4019-BFE3-12E7FAA52BE3@microsoft.com>...
    > > > > > > > That's right. ComputerA must be trusted for delegation in an Active
    > > > > > > > Directory environment in order to allow remote access to its encrypted files.
    > > > > > > > Through delegation with the user's credentials, ComputerA can decrypt the
    > > > > > > > files and send them in plaintext over the wire to ComputerB. ComputerB may
    > > > > > > > have the key, but it can't do the decrypting.
    > > > > > > >
    > > > > > > > See Delegated Server Mode:
    > > > > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx
    > > > > > > >
    > > > > > > > Thanks.
    > > > > > > > Pat
    > > > > > > >
    > > > > > > > "Gregory" wrote:
    > > > > > > >
    > > > > > > > > If a file is encrypted on computer A on home network, why is not possible to
    > > > > > > > > view the file on computer B even when the EFS certificate has been installed
    > > > > > > > > on computer B?
    > > > > > > > >
    > > > > > > > > I have looked at Advanced Attributes Details button as per chapter 17 of
    > > > > > > > > Windows XP Professional Resource Kit and it does not seem possible to select
    > > > > > > > > a user of a different computer without the use of active directory. I don't
    > > > > > > > > have active directory on my home network.
    > > > > > >
    > > > >
    > >
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi, It's easy, visit http://www.dreamflysoft.com and download Cool
    File Encryption to help you.
Ask a new question

Read More

File System Computers Active Directory Windows XP