encrypted files (NTFS EFS) on external USB drive

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I need to put NTFS EFS files on a USB external drive and then be able to
read and use those files (with a password, of course) when that USB
drive is plugged into another computer.

I've created the drive and EFS encrypted files, and they work -- on the
computer on which they were created.

I exported the certificate (.pfx file) from the computer on which the
files were made, and imported it into the "target" computer, thinking
that this would give me access to the files on the target. However, it
did not (or quite possibly I did it wrong).

Can someone tell me how to do this? No data has been lost or anything,
I just want to understand how to create encrypted files on an external
USB drive and then access those files "normally" when that drive is
plugged into another computer.

Thanks
11 answers Last reply
More about encrypted files ntfs external drive
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    EFS works only on NTFS.
    Som
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    yes, I know that, this was on an NTFS partition, as was stated in the
    original question. EFS is working just fine; the question is, how to
    read the encrypted files when the drive (a USB external drive with an
    NTFS partition) is moved to another computer (also running XP Pro).


    Som wrote:
    > EFS works only on NTFS.
    > Som
    >

    Original post:

    I need to put NTFS EFS files on a USB external drive and then be able to
    read and use those files (with a password, of course) when that USB
    drive is plugged into another computer.

    I've created the drive and EFS encrypted files, and they work -- on the
    computer on which they were created.

    I exported the certificate (.pfx file) from the computer on which the
    files were made, and imported it into the "target" computer, thinking
    that this would give me access to the files on the target. However, it
    did not (or quite possibly I did it wrong).

    Can someone tell me how to do this? No data has been lost or anything,
    I just want to understand how to create encrypted files on an external
    USB drive and then access those files "normally" when that drive is
    plugged into another computer.

    Thanks
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    yes, I know that, this was on an NTFS partition, as was stated in the
    original question. EFS is working just fine; the question is, how to
    read the encrypted files when the drive (a USB external drive with an
    NTFS partition) is moved to another computer (also running XP Pro).


    Som wrote:
    > EFS works only on NTFS.
    > Som
    >

    Original post:

    I need to put NTFS EFS files on a USB external drive and then be able to
    read and use those files (with a password, of course) when that USB
    drive is plugged into another computer.

    I've created the drive and EFS encrypted files, and they work -- on the
    computer on which they were created.

    I exported the certificate (.pfx file) from the computer on which the
    files were made, and imported it into the "target" computer, thinking
    that this would give me access to the files on the target. However, it
    did not (or quite possibly I did it wrong).

    Can someone tell me how to do this? No data has been lost or anything,
    I just want to understand how to create encrypted files on an external
    USB drive and then access those files "normally" when that drive is
    plugged into another computer.

    Thanks
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I've never tried what you're doing, but I would think it would work. Here's
    a few things you may want to check:

    1. Is the second machine the same XP (and service pack, if any) as the
    first? The encryption algorithm is different between XP and XP SP1-2.
    2. Do you have permissions to the files when you're accessing them on the
    second machine. (You may have to take ownership.)
    3. Are you sure you've imported the EFS private key and not just the
    certificate? To check that, right-click the certificate (in your
    Certificates snap-in) and select All Tasks > Export to launch the Export
    Wizard. On the second page, is "Yes, export the private key" active or
    grayed out? Grayed-out means the private key is missing; run the .pfx file
    to import it. Active means the key is there.

    Hope that helps.

    Thanks.
    Pat

    "Barry Watzman" wrote:

    > yes, I know that, this was on an NTFS partition, as was stated in the
    > original question. EFS is working just fine; the question is, how to
    > read the encrypted files when the drive (a USB external drive with an
    > NTFS partition) is moved to another computer (also running XP Pro).
    >
    >
    > Som wrote:
    > > EFS works only on NTFS.
    > > Som
    > >
    >
    > Original post:
    >
    > I need to put NTFS EFS files on a USB external drive and then be able to
    > read and use those files (with a password, of course) when that USB
    > drive is plugged into another computer.
    >
    > I've created the drive and EFS encrypted files, and they work -- on the
    > computer on which they were created.
    >
    > I exported the certificate (.pfx file) from the computer on which the
    > files were made, and imported it into the "target" computer, thinking
    > that this would give me access to the files on the target. However, it
    > did not (or quite possibly I did it wrong).
    >
    > Can someone tell me how to do this? No data has been lost or anything,
    > I just want to understand how to create encrypted files on an external
    > USB drive and then access those files "normally" when that drive is
    > plugged into another computer.
    >
    > Thanks
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    The second machine is also running XP Pro SP2 (the machines in question
    are my desktop and my laptop, both running XP Pro SP2, in my residence,
    not on a domain). There is no explicitly designated recovery agent, but
    I am the only user on both machines.

    It's not clear if I have the necessary "permission" on the laptop or
    not, but I have tried taking ownership on the laptop (apparently
    successfully) and it still won't let me open the encrypted files. The
    message just says that you don't have the necessary rights and that the
    file may be encrypted. It's a bit ambiguous as to why I can't open it,
    however I believe it's because of encryption.

    No, I'm not SURE that I imported the EFS private key and not just the
    certificate. I'd appreciate instructions on both the export and the
    import of whatever is needed. I did some reading and research and
    followed what seemed to be instructions as well as possible, but all of
    this was a bit unclear. I did what you said; "yes, export private key"
    was active (not grayed out) and was checked, and the operation seemed to
    complete successfully. On the laptop, I double clicked on it and it
    seemed to import properly.


    Pat Hoffer [MSFT] wrote:

    > I've never tried what you're doing, but I would think it would work. Here's
    > a few things you may want to check:
    >
    > 1. Is the second machine the same XP (and service pack, if any) as the
    > first? The encryption algorithm is different between XP and XP SP1-2.
    > 2. Do you have permissions to the files when you're accessing them on the
    > second machine. (You may have to take ownership.)
    > 3. Are you sure you've imported the EFS private key and not just the
    > certificate? To check that, right-click the certificate (in your
    > Certificates snap-in) and select All Tasks > Export to launch the Export
    > Wizard. On the second page, is "Yes, export the private key" active or
    > grayed out? Grayed-out means the private key is missing; run the .pfx file
    > to import it. Active means the key is there.
    >
    > Hope that helps.
    >
    > Thanks.
    > Pat
    >
    > "Barry Watzman" wrote:
    >
    >
    >>yes, I know that, this was on an NTFS partition, as was stated in the
    >>original question. EFS is working just fine; the question is, how to
    >>read the encrypted files when the drive (a USB external drive with an
    >>NTFS partition) is moved to another computer (also running XP Pro).
    >>
    >>
    >>Som wrote:
    >>
    >>>EFS works only on NTFS.
    >>>Som
    >>>
    >>
    >>Original post:
    >>
    >>I need to put NTFS EFS files on a USB external drive and then be able to
    >>read and use those files (with a password, of course) when that USB
    >>drive is plugged into another computer.
    >>
    >>I've created the drive and EFS encrypted files, and they work -- on the
    >>computer on which they were created.
    >>
    >>I exported the certificate (.pfx file) from the computer on which the
    >>files were made, and imported it into the "target" computer, thinking
    >>that this would give me access to the files on the target. However, it
    >>did not (or quite possibly I did it wrong).
    >>
    >>Can someone tell me how to do this? No data has been lost or anything,
    >>I just want to understand how to create encrypted files on an external
    >>USB drive and then access those files "normally" when that drive is
    >>plugged into another computer.
    >>
    >>Thanks
    >>
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <425C3348.6030306@neo.rr.com>, WatzmanNOSPAM@neo.rr.com
    says...

    Oh, somehow I had a thought it was USB flash drive, not hard disk on
    USB.

    Files are encrypted for current recovery agents - if new certificate is
    added later, you have to re-encrypt files (either "touch" it with
    cipher.exe or de-encrypt again) to include new recovery agent.

    cipher /U
    "...Tries to touch all the encrypted files on local drives. This will
    update user's file encryption key or recovery agent's key to the current
    ones if they are changed. This option does not work with other options
    except /N..."


    Som


    > yes, I know that, this was on an NTFS partition, as was stated in the
    > original question. EFS is working just fine; the question is, how to
    > read the encrypted files when the drive (a USB external drive with an
    > NTFS partition) is moved to another computer (also running XP Pro).
    >
    >
    > Som wrote:
    > > EFS works only on NTFS.
    > > Som
    > >
    >
    > Original post:
    >
    > I need to put NTFS EFS files on a USB external drive and then be able to
    > read and use those files (with a password, of course) when that USB
    > drive is plugged into another computer.
    >
    > I've created the drive and EFS encrypted files, and they work -- on the
    > computer on which they were created.
    >
    > I exported the certificate (.pfx file) from the computer on which the
    > files were made, and imported it into the "target" computer, thinking
    > that this would give me access to the files on the target. However, it
    > did not (or quite possibly I did it wrong).
    >
    > Can someone tell me how to do this? No data has been lost or anything,
    > I just want to understand how to create encrypted files on an external
    > USB drive and then access those files "normally" when that drive is
    > plugged into another computer.
    >
    > Thanks
    >

    --
    Som, kripl.ing.
    --
    Dnevno umre 18000 djece mladje od 5g zbog gladi www.thehungersite.com
    XOMU Elektricki casopiz za razbirazonodu i brigu www.somware.hr/xomu
    SOMWARE Prvi privatni besplatni web domacin u Hrvata www.somware.hr
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Ok, this is a "home" system, not part of a domain, I am the only user,
    there is no "recover agent" unless, being the only user, I am also a
    default recovery agent. The OS is XP Pro SP2.

    Can you tell me what to I need to do so that when I take this USB 200
    gig NTFS hard drive to another computer (e.g. my laptop, also running XP
    Pro), I can access the files?

    I thought that I had exported the certificate (as a .pfx file) on the
    desktop and imported it on the laptop. But whatever I did (possibly
    incorrectly), it still didn't work.


    Som wrote:
    > In article <425C3348.6030306@neo.rr.com>, WatzmanNOSPAM@neo.rr.com
    > says...
    >
    > Oh, somehow I had a thought it was USB flash drive, not hard disk on
    > USB.
    >
    > Files are encrypted for current recovery agents - if new certificate is
    > added later, you have to re-encrypt files (either "touch" it with
    > cipher.exe or de-encrypt again) to include new recovery agent.
    >
    > cipher /U
    > "...Tries to touch all the encrypted files on local drives. This will
    > update user's file encryption key or recovery agent's key to the current
    > ones if they are changed. This option does not work with other options
    > except /N..."
    >
    >
    > Som
    >
    >>yes, I know that, this was on an NTFS partition, as was stated in the
    >>original question. EFS is working just fine; the question is, how to
    >>read the encrypted files when the drive (a USB external drive with an
    >>NTFS partition) is moved to another computer (also running XP Pro).
    >>
    >>
    >>Som wrote:
    >>
    >>>EFS works only on NTFS.
    >>>Som
    >>>
    >>
    >>Original post:
    >>
    >>I need to put NTFS EFS files on a USB external drive and then be able to
    >>read and use those files (with a password, of course) when that USB
    >>drive is plugged into another computer.
    >>
    >>I've created the drive and EFS encrypted files, and they work -- on the
    >>computer on which they were created.
    >>
    >>I exported the certificate (.pfx file) from the computer on which the
    >>files were made, and imported it into the "target" computer, thinking
    >>that this would give me access to the files on the target. However, it
    >>did not (or quite possibly I did it wrong).
    >>
    >>Can someone tell me how to do this? No data has been lost or anything,
    >>I just want to understand how to create encrypted files on an external
    >>USB drive and then access those files "normally" when that drive is
    >>plugged into another computer.
    >>
    >>Thanks
    >>
    >
    >
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Ok, this is a "home" system, not part of a domain, I am the only user,
    there is no "recover agent" unless, being the only user, I am also a
    default recovery agent. The OS is XP Pro SP2.

    Can you tell me what to I need to do so that when I take this USB 200
    gig NTFS hard drive to another computer (e.g. my laptop, also running XP
    Pro), I can access the files?

    I thought that I had exported the certificate (as a .pfx file) on the
    desktop and imported it on the laptop. But whatever I did (possibly
    incorrectly), it still didn't work.


    Som wrote:
    > In article <425C3348.6030306@neo.rr.com>, WatzmanNOSPAM@neo.rr.com
    > says...
    >
    > Oh, somehow I had a thought it was USB flash drive, not hard disk on
    > USB.
    >
    > Files are encrypted for current recovery agents - if new certificate is
    > added later, you have to re-encrypt files (either "touch" it with
    > cipher.exe or de-encrypt again) to include new recovery agent.
    >
    > cipher /U
    > "...Tries to touch all the encrypted files on local drives. This will
    > update user's file encryption key or recovery agent's key to the current
    > ones if they are changed. This option does not work with other options
    > except /N..."
    >
    >
    > Som
    >
    >>yes, I know that, this was on an NTFS partition, as was stated in the
    >>original question. EFS is working just fine; the question is, how to
    >>read the encrypted files when the drive (a USB external drive with an
    >>NTFS partition) is moved to another computer (also running XP Pro).
    >>
    >>
    >>Som wrote:
    >>
    >>>EFS works only on NTFS.
    >>>Som
    >>>
    >>
    >>Original post:
    >>
    >>I need to put NTFS EFS files on a USB external drive and then be able to
    >>read and use those files (with a password, of course) when that USB
    >>drive is plugged into another computer.
    >>
    >>I've created the drive and EFS encrypted files, and they work -- on the
    >>computer on which they were created.
    >>
    >>I exported the certificate (.pfx file) from the computer on which the
    >>files were made, and imported it into the "target" computer, thinking
    >>that this would give me access to the files on the target. However, it
    >>did not (or quite possibly I did it wrong).
    >>
    >>Can someone tell me how to do this? No data has been lost or anything,
    >>I just want to understand how to create encrypted files on an external
    >>USB drive and then access those files "normally" when that drive is
    >>plugged into another computer.
    >>
    >>Thanks
    >>
    >
    >
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:425C8AB0.1050203@neo.rr.com,
    Barry Watzman <WatzmanNOSPAM@neo.rr.com> had this to say:

    My reply is at the bottom of your sent message:

    > The second machine is also running XP Pro SP2 (the machines in
    > question are my desktop and my laptop, both running XP Pro SP2, in my
    > residence, not on a domain). There is no explicitly designated
    > recovery agent, but I am the only user on both machines.
    >
    > It's not clear if I have the necessary "permission" on the laptop or
    > not, but I have tried taking ownership on the laptop (apparently
    > successfully) and it still won't let me open the encrypted files. The
    > message just says that you don't have the necessary rights and that
    > the file may be encrypted. It's a bit ambiguous as to why I can't
    > open it, however I believe it's because of encryption.
    >
    > No, I'm not SURE that I imported the EFS private key and not just the
    > certificate. I'd appreciate instructions on both the export and the
    > import of whatever is needed. I did some reading and research and
    > followed what seemed to be instructions as well as possible, but all
    > of this was a bit unclear. I did what you said; "yes, export private
    > key" was active (not grayed out) and was checked, and the operation
    > seemed to complete successfully. On the laptop, I double clicked on
    > it and it seemed to import properly.

    I don't want to hijack this thread but I see this problem so often that I'd
    flagged it so that I can hopefully get a definitive answer. In this
    particular case you can double check your steps. Here's a handy dandy Google
    link that *should* give you about all you're interested in and help you
    troubleshoot this as I too haven't ever tried this:

    http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&q=export+efs+key+windows+xp+site%3Amicrosoft.com

    I've found the most accurate answers for this troubling EFS stuff to be on
    the Microsoft site so I've limited the search to just microsoft.com for you.
    The first link looks pretty interesting and might be what you're looking
    for. Basically, I'd just use that to double check the steps you've already
    taken (it sounds like you're going in the right direction but might be
    missing a step.)

    To know if you've taken ownership of a file:

    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q308421

    Galen
    --
    Signature changed for a moment of silence.
    Rest well Alex and we'll see you on the other side.
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Generally:


    - encrypt file c:\A on PC1
    - encrypt file c:\B on PC2
    - cipher.exe /R on PC1
    - cipher.exe /R on PC2
    - exchange certificate files
    - import cert file from PC1 to PC2 (double click)
    - import cert file from PC2 to PC1 (double click)
    - encrypt file C on USB drive on PC1
    - you should be able to decrypt it on PC2

    Som
  11. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    follow this link for some helpful information
    http://www.somacon.com/blog/page7.php


    --
    jintan_g
    ------------------------------------------------------------------------
    jintan_g's Profile: http://forums.techarena.in/member.php?userid=1195
    View this thread: http://forums.techarena.in/showthread.php?t=79632
    | http://www.techarena.in | http://forums.techarena.in | http://gallery.techarena.in | http://forums.techarena.in/archive/index.php/ |
Ask a new question

Read More

Computers Windows XP