Sign in with
Sign up | Sign in
Your question

EFS On Drive Works With >1 Computer?

Last response: in Windows XP
Share
Anonymous
a b 8 Security
August 8, 2005 10:11:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If I encrypt my files with EFS on a slave drive and then remove the drive
from the computer to use in another computer (ex. if the original computer
breaks down), will I still be able to read them from the other computer or do
I need the master drive? -Mihir
Anonymous
a b 8 Security
August 9, 2005 1:41:05 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

You need the keys which will probably be on the master drive.
If you format, lose or otherwise lose access to the primary, your data is as
good as gone and you should not expect to regain access EVER.
See the links near the bottom of this page for proper procedures to help you
protect your data:
http://www3.telus.net/dandemar/encrypt.htm

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
> If I encrypt my files with EFS on a slave drive and then remove the drive
> from the computer to use in another computer (ex. if the original computer
> breaks down), will I still be able to read them from the other computer or
> do
> I need the master drive? -Mihir
Anonymous
a b 8 Security
August 9, 2005 2:31:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

So if I export the certificate from Internet Explorer and save it on my slave
drive, I should be able to see the files on an XP Pro computer after
importing the certificate, right? -Mihir

"Jupiter Jones [MVP]" wrote:

> You need the keys which will probably be on the master drive.
> If you format, lose or otherwise lose access to the primary, your data is as
> good as gone and you should not expect to regain access EVER.
> See the links near the bottom of this page for proper procedures to help you
> protect your data:
> http://www3.telus.net/dandemar/encrypt.htm
>
> --
> Jupiter Jones [MVP]
> http://www3.telus.net/dandemar
> http://www.dts-l.org
>
>
> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
> > If I encrypt my files with EFS on a slave drive and then remove the drive
> > from the computer to use in another computer (ex. if the original computer
> > breaks down), will I still be able to read them from the other computer or
> > do
> > I need the master drive? -Mihir
>
>
>
Related resources
Anonymous
a b 8 Security
August 9, 2005 3:13:29 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
> So if I export the certificate from Internet Explorer and save it on my
> slave
> drive, I should be able to see the files on an XP Pro computer after
> importing the certificate, right? -Mihir

Probably if you are in a AD environment. If you are are not then a lot of
trial and error is usually involved in getting it working. If you are not in
a domain I suggest you search for an alternate encryption method.

Kerry

>
> "Jupiter Jones [MVP]" wrote:
>
>> You need the keys which will probably be on the master drive.
>> If you format, lose or otherwise lose access to the primary, your data is
>> as
>> good as gone and you should not expect to regain access EVER.
>> See the links near the bottom of this page for proper procedures to help
>> you
>> protect your data:
>> http://www3.telus.net/dandemar/encrypt.htm
>>
>> --
>> Jupiter Jones [MVP]
>> http://www3.telus.net/dandemar
>> http://www.dts-l.org
>>
>>
>> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
>> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
>> > If I encrypt my files with EFS on a slave drive and then remove the
>> > drive
>> > from the computer to use in another computer (ex. if the original
>> > computer
>> > breaks down), will I still be able to read them from the other computer
>> > or
>> > do
>> > I need the master drive? -Mihir
>>
>>
>>
Anonymous
a b 8 Security
August 9, 2005 3:19:15 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

So it isn't as easy as importing the certificate on the second computer and
then being able to use the files as if it was on the first computer? -Mihir

"Kerry Brown" wrote:

> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
> > So if I export the certificate from Internet Explorer and save it on my
> > slave
> > drive, I should be able to see the files on an XP Pro computer after
> > importing the certificate, right? -Mihir
>
> Probably if you are in a AD environment. If you are are not then a lot of
> trial and error is usually involved in getting it working. If you are not in
> a domain I suggest you search for an alternate encryption method.
>
> Kerry
>
> >
> > "Jupiter Jones [MVP]" wrote:
> >
> >> You need the keys which will probably be on the master drive.
> >> If you format, lose or otherwise lose access to the primary, your data is
> >> as
> >> good as gone and you should not expect to regain access EVER.
> >> See the links near the bottom of this page for proper procedures to help
> >> you
> >> protect your data:
> >> http://www3.telus.net/dandemar/encrypt.htm
> >>
> >> --
> >> Jupiter Jones [MVP]
> >> http://www3.telus.net/dandemar
> >> http://www.dts-l.org
> >>
> >>
> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
> >> > If I encrypt my files with EFS on a slave drive and then remove the
> >> > drive
> >> > from the computer to use in another computer (ex. if the original
> >> > computer
> >> > breaks down), will I still be able to read them from the other computer
> >> > or
> >> > do
> >> > I need the master drive? -Mihir
> >>
> >>
> >>
>
>
>
Anonymous
a b 8 Security
August 9, 2005 4:14:00 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
> So it isn't as easy as importing the certificate on the second computer
> and
> then being able to use the files as if it was on the first
> omputer? -Mihir
>

If you are using AD yes, If not, then no. It can be made to work out of a
domain but it is complicated, time consuming, and fraught with the
possibilty of data loss. If you use it make sure you test encrypting and
decrypting several times on several computers so you know how it works
inside out. Make sure you have copies of the certificates with keys stored
in a safe place, like on several floppies and/or CDROMs stored away
somewhere. It is best to have an image of the system used to encrypt the
files stored somewhere as well.

Kerry

> "Kerry Brown" wrote:
>
>> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
>> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
>> > So if I export the certificate from Internet Explorer and save it on my
>> > slave
>> > drive, I should be able to see the files on an XP Pro computer after
>> > importing the certificate, right? -Mihir
>>
>> Probably if you are in a AD environment. If you are are not then a lot of
>> trial and error is usually involved in getting it working. If you are not
>> in
>> a domain I suggest you search for an alternate encryption method.
>>
>> Kerry
>>
>> >
>> > "Jupiter Jones [MVP]" wrote:
>> >
>> >> You need the keys which will probably be on the master drive.
>> >> If you format, lose or otherwise lose access to the primary, your data
>> >> is
>> >> as
>> >> good as gone and you should not expect to regain access EVER.
>> >> See the links near the bottom of this page for proper procedures to
>> >> help
>> >> you
>> >> protect your data:
>> >> http://www3.telus.net/dandemar/encrypt.htm
>> >>
>> >> --
>> >> Jupiter Jones [MVP]
>> >> http://www3.telus.net/dandemar
>> >> http://www.dts-l.org
>> >>
>> >>
>> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> message
>> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
>> >> > If I encrypt my files with EFS on a slave drive and then remove the
>> >> > drive
>> >> > from the computer to use in another computer (ex. if the original
>> >> > computer
>> >> > breaks down), will I still be able to read them from the other
>> >> > computer
>> >> > or
>> >> > do
>> >> > I need the master drive? -Mihir
>> >>
>> >>
>> >>
>>
>>
>>
Anonymous
a b 8 Security
August 9, 2005 4:46:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have Windows Server 2003 as a domain controller and it has the slave drive
I am talking about. I also have a Win XP Pro computer. I want to be able to
read the files on the slave drive of the Server on the XP computer in case
the server breaks down (meaning the domain would also not work) and I need
the files urgently. What is the barrier that makes the process so time
consuming? -Mihir

"Kerry Brown" wrote:

> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
> > So it isn't as easy as importing the certificate on the second computer
> > and
> > then being able to use the files as if it was on the first
> > omputer? -Mihir
> >
>
> If you are using AD yes, If not, then no. It can be made to work out of a
> domain but it is complicated, time consuming, and fraught with the
> possibilty of data loss. If you use it make sure you test encrypting and
> decrypting several times on several computers so you know how it works
> inside out. Make sure you have copies of the certificates with keys stored
> in a safe place, like on several floppies and/or CDROMs stored away
> somewhere. It is best to have an image of the system used to encrypt the
> files stored somewhere as well.
>
> Kerry
>
> > "Kerry Brown" wrote:
> >
> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
> >> > So if I export the certificate from Internet Explorer and save it on my
> >> > slave
> >> > drive, I should be able to see the files on an XP Pro computer after
> >> > importing the certificate, right? -Mihir
> >>
> >> Probably if you are in a AD environment. If you are are not then a lot of
> >> trial and error is usually involved in getting it working. If you are not
> >> in
> >> a domain I suggest you search for an alternate encryption method.
> >>
> >> Kerry
> >>
> >> >
> >> > "Jupiter Jones [MVP]" wrote:
> >> >
> >> >> You need the keys which will probably be on the master drive.
> >> >> If you format, lose or otherwise lose access to the primary, your data
> >> >> is
> >> >> as
> >> >> good as gone and you should not expect to regain access EVER.
> >> >> See the links near the bottom of this page for proper procedures to
> >> >> help
> >> >> you
> >> >> protect your data:
> >> >> http://www3.telus.net/dandemar/encrypt.htm
> >> >>
> >> >> --
> >> >> Jupiter Jones [MVP]
> >> >> http://www3.telus.net/dandemar
> >> >> http://www.dts-l.org
> >> >>
> >> >>
> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
> >> >> message
> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
> >> >> > If I encrypt my files with EFS on a slave drive and then remove the
> >> >> > drive
> >> >> > from the computer to use in another computer (ex. if the original
> >> >> > computer
> >> >> > breaks down), will I still be able to read them from the other
> >> >> > computer
> >> >> > or
> >> >> > do
> >> >> > I need the master drive? -Mihir
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Anonymous
a b 8 Security
August 9, 2005 8:33:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
news:EAABE9E3-8095-42AF-B103-8ED85E457382@microsoft.com...
>I have Windows Server 2003 as a domain controller and it has the slave
>drive
> I am talking about. I also have a Win XP Pro computer. I want to be able
> to
> read the files on the slave drive of the Server on the XP computer in case
> the server breaks down (meaning the domain would also not work) and I need
> the files urgently. What is the barrier that makes the process so time
> consuming? -Mihir
>

There are several steps that must be done in exactly the right order. That
is why I recommend you test it on several computers first. Make sure one of
the computers you test it on is not and never has been joined to the domain.
The testing and learning how it works is the time consuming part. EFS works
exactly as advertised. It is impossible to decrypt if something goes wrong.
Theoretically if you had access to a super computer and the MS algorithms
you may be able to break it. You are better off with using physical security
(i.e. locking up the data in a safe place) if at all possible. In any case
make sure you have the server backed up. You may not be able to decrypt the
files until AD is up and running again.

Kerry


> "Kerry Brown" wrote:
>
>> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
>> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
>> > So it isn't as easy as importing the certificate on the second computer
>> > and
>> > then being able to use the files as if it was on the first
>> > omputer? -Mihir
>> >
>>
>> If you are using AD yes, If not, then no. It can be made to work out of a
>> domain but it is complicated, time consuming, and fraught with the
>> possibilty of data loss. If you use it make sure you test encrypting and
>> decrypting several times on several computers so you know how it works
>> inside out. Make sure you have copies of the certificates with keys
>> stored
>> in a safe place, like on several floppies and/or CDROMs stored away
>> somewhere. It is best to have an image of the system used to encrypt the
>> files stored somewhere as well.
>>
>> Kerry
>>
>> > "Kerry Brown" wrote:
>> >
>> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> message
>> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
>> >> > So if I export the certificate from Internet Explorer and save it on
>> >> > my
>> >> > slave
>> >> > drive, I should be able to see the files on an XP Pro computer after
>> >> > importing the certificate, right? -Mihir
>> >>
>> >> Probably if you are in a AD environment. If you are are not then a lot
>> >> of
>> >> trial and error is usually involved in getting it working. If you are
>> >> not
>> >> in
>> >> a domain I suggest you search for an alternate encryption method.
>> >>
>> >> Kerry
>> >>
>> >> >
>> >> > "Jupiter Jones [MVP]" wrote:
>> >> >
>> >> >> You need the keys which will probably be on the master drive.
>> >> >> If you format, lose or otherwise lose access to the primary, your
>> >> >> data
>> >> >> is
>> >> >> as
>> >> >> good as gone and you should not expect to regain access EVER.
>> >> >> See the links near the bottom of this page for proper procedures to
>> >> >> help
>> >> >> you
>> >> >> protect your data:
>> >> >> http://www3.telus.net/dandemar/encrypt.htm
>> >> >>
>> >> >> --
>> >> >> Jupiter Jones [MVP]
>> >> >> http://www3.telus.net/dandemar
>> >> >> http://www.dts-l.org
>> >> >>
>> >> >>
>> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> >> message
>> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
>> >> >> > If I encrypt my files with EFS on a slave drive and then remove
>> >> >> > the
>> >> >> > drive
>> >> >> > from the computer to use in another computer (ex. if the original
>> >> >> > computer
>> >> >> > breaks down), will I still be able to read them from the other
>> >> >> > computer
>> >> >> > or
>> >> >> > do
>> >> >> > I need the master drive? -Mihir
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
Anonymous
a b 8 Security
August 10, 2005 12:08:01 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I just went to Help and Support Center to see if it says anything. On
ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_agent.htm, it says
"An alternate procedure would involve physically transporting the recovery
agent's private key and certificate, importing the private key and
certificate, decrypting the file or folder, and then deleting the imported
private key and certificate. This procedure exposes the private key more than
the procedure above but does not require any backup or restore operations or
file transportation."

In ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_encrypted.htm, it
says "You can recover an encrypted file or folder yourself if you have kept a
backup copy of your file encryption certificate and private key in a .pfx
file format on a floppy disk. Use the import command from Certificates in
Microsoft Management Console (MMC) to import the .pfx file from the floppy
disk into the Personal store."

I am very sorry that I didn't go to Help and Support Center before sending a
message to this newsgroup. -Mihir

"Kerry Brown" wrote:

> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> news:EAABE9E3-8095-42AF-B103-8ED85E457382@microsoft.com...
> >I have Windows Server 2003 as a domain controller and it has the slave
> >drive
> > I am talking about. I also have a Win XP Pro computer. I want to be able
> > to
> > read the files on the slave drive of the Server on the XP computer in case
> > the server breaks down (meaning the domain would also not work) and I need
> > the files urgently. What is the barrier that makes the process so time
> > consuming? -Mihir
> >
>
> There are several steps that must be done in exactly the right order. That
> is why I recommend you test it on several computers first. Make sure one of
> the computers you test it on is not and never has been joined to the domain.
> The testing and learning how it works is the time consuming part. EFS works
> exactly as advertised. It is impossible to decrypt if something goes wrong.
> Theoretically if you had access to a super computer and the MS algorithms
> you may be able to break it. You are better off with using physical security
> (i.e. locking up the data in a safe place) if at all possible. In any case
> make sure you have the server backed up. You may not be able to decrypt the
> files until AD is up and running again.
>
> Kerry
>
>
> > "Kerry Brown" wrote:
> >
> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> >> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
> >> > So it isn't as easy as importing the certificate on the second computer
> >> > and
> >> > then being able to use the files as if it was on the first
> >> > omputer? -Mihir
> >> >
> >>
> >> If you are using AD yes, If not, then no. It can be made to work out of a
> >> domain but it is complicated, time consuming, and fraught with the
> >> possibilty of data loss. If you use it make sure you test encrypting and
> >> decrypting several times on several computers so you know how it works
> >> inside out. Make sure you have copies of the certificates with keys
> >> stored
> >> in a safe place, like on several floppies and/or CDROMs stored away
> >> somewhere. It is best to have an image of the system used to encrypt the
> >> files stored somewhere as well.
> >>
> >> Kerry
> >>
> >> > "Kerry Brown" wrote:
> >> >
> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
> >> >> message
> >> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
> >> >> > So if I export the certificate from Internet Explorer and save it on
> >> >> > my
> >> >> > slave
> >> >> > drive, I should be able to see the files on an XP Pro computer after
> >> >> > importing the certificate, right? -Mihir
> >> >>
> >> >> Probably if you are in a AD environment. If you are are not then a lot
> >> >> of
> >> >> trial and error is usually involved in getting it working. If you are
> >> >> not
> >> >> in
> >> >> a domain I suggest you search for an alternate encryption method.
> >> >>
> >> >> Kerry
> >> >>
> >> >> >
> >> >> > "Jupiter Jones [MVP]" wrote:
> >> >> >
> >> >> >> You need the keys which will probably be on the master drive.
> >> >> >> If you format, lose or otherwise lose access to the primary, your
> >> >> >> data
> >> >> >> is
> >> >> >> as
> >> >> >> good as gone and you should not expect to regain access EVER.
> >> >> >> See the links near the bottom of this page for proper procedures to
> >> >> >> help
> >> >> >> you
> >> >> >> protect your data:
> >> >> >> http://www3.telus.net/dandemar/encrypt.htm
> >> >> >>
> >> >> >> --
> >> >> >> Jupiter Jones [MVP]
> >> >> >> http://www3.telus.net/dandemar
> >> >> >> http://www.dts-l.org
> >> >> >>
> >> >> >>
> >> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
> >> >> >> message
> >> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
> >> >> >> > If I encrypt my files with EFS on a slave drive and then remove
> >> >> >> > the
> >> >> >> > drive
> >> >> >> > from the computer to use in another computer (ex. if the original
> >> >> >> > computer
> >> >> >> > breaks down), will I still be able to read them from the other
> >> >> >> > computer
> >> >> >> > or
> >> >> >> > do
> >> >> >> > I need the master drive? -Mihir
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Anonymous
a b 8 Security
August 10, 2005 2:44:31 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
news:BD896F4D-53B5-4739-88C7-220C0F46F435@microsoft.com...
>I just went to Help and Support Center to see if it says anything. On
> ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_agent.htm, it says
> "An alternate procedure would involve physically transporting the recovery
> agent's private key and certificate, importing the private key and
> certificate, decrypting the file or folder, and then deleting the imported
> private key and certificate. This procedure exposes the private key more
> than
> the procedure above but does not require any backup or restore operations
> or
> file transportation."
>
> In ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_encrypted.htm,
> it
> says "You can recover an encrypted file or folder yourself if you have
> kept a
> backup copy of your file encryption certificate and private key in a .pfx
> file format on a floppy disk. Use the import command from Certificates in
> Microsoft Management Console (MMC) to import the .pfx file from the floppy
> disk into the Personal store."
>
> I am very sorry that I didn't go to Help and Support Center before sending
> a
> message to this newsgroup. -Mihir
>

As I have already said numerous times. Try it to see if it works for you.
Encrypt a test file. Try to decrypt it on a computer that is not and has
never been in the domain. Until you test this and can do it several times
with different files in different situations do not rely on doing it in a
panic situation. Google to see all the problems people have with EFS. It
works great. It can be made to do what you want to do. If something goes
wrong you will lose your data. There are many things that can go wrong.

Kerry

> "Kerry Brown" wrote:
>
>> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
>> news:EAABE9E3-8095-42AF-B103-8ED85E457382@microsoft.com...
>> >I have Windows Server 2003 as a domain controller and it has the slave
>> >drive
>> > I am talking about. I also have a Win XP Pro computer. I want to be
>> > able
>> > to
>> > read the files on the slave drive of the Server on the XP computer in
>> > case
>> > the server breaks down (meaning the domain would also not work) and I
>> > need
>> > the files urgently. What is the barrier that makes the process so time
>> > consuming? -Mihir
>> >
>>
>> There are several steps that must be done in exactly the right order.
>> That
>> is why I recommend you test it on several computers first. Make sure one
>> of
>> the computers you test it on is not and never has been joined to the
>> domain.
>> The testing and learning how it works is the time consuming part. EFS
>> works
>> exactly as advertised. It is impossible to decrypt if something goes
>> wrong.
>> Theoretically if you had access to a super computer and the MS algorithms
>> you may be able to break it. You are better off with using physical
>> security
>> (i.e. locking up the data in a safe place) if at all possible. In any
>> case
>> make sure you have the server backed up. You may not be able to decrypt
>> the
>> files until AD is up and running again.
>>
>> Kerry
>>
>>
>> > "Kerry Brown" wrote:
>> >
>> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> message
>> >> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
>> >> > So it isn't as easy as importing the certificate on the second
>> >> > computer
>> >> > and
>> >> > then being able to use the files as if it was on the first
>> >> > omputer? -Mihir
>> >> >
>> >>
>> >> If you are using AD yes, If not, then no. It can be made to work out
>> >> of a
>> >> domain but it is complicated, time consuming, and fraught with the
>> >> possibilty of data loss. If you use it make sure you test encrypting
>> >> and
>> >> decrypting several times on several computers so you know how it works
>> >> inside out. Make sure you have copies of the certificates with keys
>> >> stored
>> >> in a safe place, like on several floppies and/or CDROMs stored away
>> >> somewhere. It is best to have an image of the system used to encrypt
>> >> the
>> >> files stored somewhere as well.
>> >>
>> >> Kerry
>> >>
>> >> > "Kerry Brown" wrote:
>> >> >
>> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> >> message
>> >> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
>> >> >> > So if I export the certificate from Internet Explorer and save it
>> >> >> > on
>> >> >> > my
>> >> >> > slave
>> >> >> > drive, I should be able to see the files on an XP Pro computer
>> >> >> > after
>> >> >> > importing the certificate, right? -Mihir
>> >> >>
>> >> >> Probably if you are in a AD environment. If you are are not then a
>> >> >> lot
>> >> >> of
>> >> >> trial and error is usually involved in getting it working. If you
>> >> >> are
>> >> >> not
>> >> >> in
>> >> >> a domain I suggest you search for an alternate encryption method.
>> >> >>
>> >> >> Kerry
>> >> >>
>> >> >> >
>> >> >> > "Jupiter Jones [MVP]" wrote:
>> >> >> >
>> >> >> >> You need the keys which will probably be on the master drive.
>> >> >> >> If you format, lose or otherwise lose access to the primary,
>> >> >> >> your
>> >> >> >> data
>> >> >> >> is
>> >> >> >> as
>> >> >> >> good as gone and you should not expect to regain access EVER.
>> >> >> >> See the links near the bottom of this page for proper procedures
>> >> >> >> to
>> >> >> >> help
>> >> >> >> you
>> >> >> >> protect your data:
>> >> >> >> http://www3.telus.net/dandemar/encrypt.htm
>> >> >> >>
>> >> >> >> --
>> >> >> >> Jupiter Jones [MVP]
>> >> >> >> http://www3.telus.net/dandemar
>> >> >> >> http://www.dts-l.org
>> >> >> >>
>> >> >> >>
>> >> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> >> >> message
>> >> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
>> >> >> >> > If I encrypt my files with EFS on a slave drive and then
>> >> >> >> > remove
>> >> >> >> > the
>> >> >> >> > drive
>> >> >> >> > from the computer to use in another computer (ex. if the
>> >> >> >> > original
>> >> >> >> > computer
>> >> >> >> > breaks down), will I still be able to read them from the other
>> >> >> >> > computer
>> >> >> >> > or
>> >> >> >> > do
>> >> >> >> > I need the master drive? -Mihir
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
Anonymous
a b 8 Security
August 10, 2005 6:24:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Here are a few tips to make it work:

1. The second computer must be using the same (or higher) encryption
algorithm as the first. (WS2003 and WXPsp2 both use AES.)
2. When exporting, select to export the private key. (The export should
create a .pfx file.)
3. When importing the .pfx file, *do not* select to enable strong private
key protection. (Take the default settings during the import and you'll be
okay.)
4. You'll need at least READ permission on the files. You may have to take
ownership when on the second computer.

Thanks.
Pat

Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"Mihir Kotwal" wrote:

> So if I export the certificate from Internet Explorer and save it on my slave
> drive, I should be able to see the files on an XP Pro computer after
> importing the certificate, right? -Mihir
>
> "Jupiter Jones [MVP]" wrote:
>
> > You need the keys which will probably be on the master drive.
> > If you format, lose or otherwise lose access to the primary, your data is as
> > good as gone and you should not expect to regain access EVER.
> > See the links near the bottom of this page for proper procedures to help you
> > protect your data:
> > http://www3.telus.net/dandemar/encrypt.htm
> >
> > --
> > Jupiter Jones [MVP]
> > http://www3.telus.net/dandemar
> > http://www.dts-l.org
> >
> >
> > "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
> > news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
> > > If I encrypt my files with EFS on a slave drive and then remove the drive
> > > from the computer to use in another computer (ex. if the original computer
> > > breaks down), will I still be able to read them from the other computer or
> > > do
> > > I need the master drive? -Mihir
> >
> >
> >
!