Sign in with
Sign up | Sign in
Your question

exporting certificate/ key for encrypted folder

Last response: in Windows XP
Share
Anonymous
March 29, 2005 4:23:29 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi

I have created a backup of my hard drive using XP backup onto an
external hard drive in a folder that has encryption enabled.

I couldn't follow the info in windows help or on MS website about how
to create a recovery agent - it said "be prepared to supply a user
with a certificate" but gave no information on how to create such a
thing.

From reading past messages on this newsgroup it seems that all you
need to do is use Internet explorer / internet options/ content/
certificates/ personal -> export personal certificate and include the
private key in the .pfx file. Then copy the pfx file to CDROM or
floppy disk.

Is this the correct thing to do?

Can I import this pfx file onto another XP machine without destroying
the existing "personal EFS certificate/key" on that machine?

Thanks for any help.

Graeme
Anonymous
March 29, 2005 4:23:30 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"akiwi" <invalid@notHere.com> wrote in message
news:c9tf41t15kij92avb7beebkbgtb133svl1@4ax.com...
>
> Hi
>
> I have created a backup of my hard drive using XP backup onto an
> external hard drive in a folder that has encryption enabled.
>
> I couldn't follow the info in windows help or on MS website about how
> to create a recovery agent - it said "be prepared to supply a user
> with a certificate" but gave no information on how to create such a
> thing.
>
> From reading past messages on this newsgroup it seems that all you
> need to do is use Internet explorer / internet options/ content/
> certificates/ personal -> export personal certificate and include the
> private key in the .pfx file. Then copy the pfx file to CDROM or
> floppy disk.
>
> Is this the correct thing to do?
>
> Can I import this pfx file onto another XP machine without destroying
> the existing "personal EFS certificate/key" on that machine?
>
> Thanks for any help.
>

Search help and support for the cipher command. Cipher /x will export the
certificate. Make sure you test restoring your files before you need to
actually do it. EFS is a major cause of lost data if things are not done
exactly right. Test restoring and reading your files on an another computer.
Make sure both computers are not in the same domain if you are networked. If
you can do this then your data should be safe.

Kerry
Anonymous
March 29, 2005 12:14:53 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Mon, 28 Mar 2005 07:03:26 -0800, "Kerry Brown"
<kerry@kdbNOSPAMsystems.c*o*m> wrote:

>>
>> From reading past messages on this newsgroup it seems that all you
>> need to do is use Internet explorer / internet options/ content/
>> certificates/ personal -> export personal certificate and include the
>> private key in the .pfx file. Then copy the pfx file to CDROM or
>> floppy disk.
>>
>> Is this the correct thing to do?
>>
>> Can I import this pfx file onto another XP machine without destroying
>> the existing "personal EFS certificate/key" on that machine?
>>
>> Thanks for any help.
>>
>
>Search help and support for the cipher command. Cipher /x will export the
>certificate. Make sure you test restoring your files before you need to
>actually do it. EFS is a major cause of lost data if things are not done
>exactly right. Test restoring and reading your files on an another computer.
>Make sure both computers are not in the same domain if you are networked. If
>you can do this then your data should be safe.


Help and support makes no mention of a /x switch for the cipher
command. Does the method I posted work?

Graeme
Related resources
Anonymous
March 29, 2005 12:14:54 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"akiwi" <invalid@notHere.com> wrote in message
news:7apg41p9kr0jqj8ldtskvchj0jasil7ibf@4ax.com...
> On Mon, 28 Mar 2005 07:03:26 -0800, "Kerry Brown"
> <kerry@kdbNOSPAMsystems.c*o*m> wrote:
>
>>>
>>> From reading past messages on this newsgroup it seems that all you
>>> need to do is use Internet explorer / internet options/ content/
>>> certificates/ personal -> export personal certificate and include the
>>> private key in the .pfx file. Then copy the pfx file to CDROM or
>>> floppy disk.
>>>
>>> Is this the correct thing to do?
>>>
>>> Can I import this pfx file onto another XP machine without destroying
>>> the existing "personal EFS certificate/key" on that machine?
>>>
>>> Thanks for any help.
>>>
>>
>>Search help and support for the cipher command. Cipher /x will export the
>>certificate. Make sure you test restoring your files before you need to
>>actually do it. EFS is a major cause of lost data if things are not done
>>exactly right. Test restoring and reading your files on an another
>>computer.
>>Make sure both computers are not in the same domain if you are networked.
>>If
>>you can do this then your data should be safe.
>
>
> Help and support makes no mention of a /x switch for the cipher
> command. Does the method I posted work?
>
> Graeme

The method you posted should work as well. I used to use that until I found
the cipher command. What version of XP and what service pack level are you
at? Did you try cipher /? at a cmd prompt?

Kerry
Anonymous
March 29, 2005 11:51:20 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Mon, 28 Mar 2005 14:09:51 -0800, "Kerry Brown"
<kerry@kdbNOSPAMsystems.c*o*m> wrote:

[snip]
>>
>> Help and support makes no mention of a /x switch for the cipher
>> command. Does the method I posted work?
>>
>> Graeme
>
>The method you posted should work as well. I used to use that until I found
>the cipher command. What version of XP and what service pack level are you
>at? Did you try cipher /? at a cmd prompt?
>


I've found that XP SP1 doesn't list the /x switch for cipher /? but
SP2 does list it. I'll use both for now until I get a chance to check
that they work. Thanks.

Graeme
Anonymous
March 29, 2005 11:51:21 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"akiwi" <invalid@notHere.com> wrote in message
news:j32i41576ri96cgc96bfpku5iuh4209dv3@4ax.com...

<snip>

>
> I've found that XP SP1 doesn't list the /x switch for cipher /? but
> SP2 does list it. I'll use both for now until I get a chance to check
> that they work. Thanks.
>
> Graeme

Your welcome. Make sure you test recovering encrypted files thoroughly. EFS
is very tricky and a major cause of data loss. Simple things like changing a
password can break it.

Kerry
!