EFS On Drive Works With >1 Computer?

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If I encrypt my files with EFS on a slave drive and then remove the drive
from the computer to use in another computer (ex. if the original computer
breaks down), will I still be able to read them from the other computer or do
I need the master drive? -Mihir
10 answers Last reply
More about drive works computer
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    You need the keys which will probably be on the master drive.
    If you format, lose or otherwise lose access to the primary, your data is as
    good as gone and you should not expect to regain access EVER.
    See the links near the bottom of this page for proper procedures to help you
    protect your data:
    http://www3.telus.net/dandemar/encrypt.htm

    --
    Jupiter Jones [MVP]
    http://www3.telus.net/dandemar
    http://www.dts-l.org


    "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    > If I encrypt my files with EFS on a slave drive and then remove the drive
    > from the computer to use in another computer (ex. if the original computer
    > breaks down), will I still be able to read them from the other computer or
    > do
    > I need the master drive? -Mihir
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    So if I export the certificate from Internet Explorer and save it on my slave
    drive, I should be able to see the files on an XP Pro computer after
    importing the certificate, right? -Mihir

    "Jupiter Jones [MVP]" wrote:

    > You need the keys which will probably be on the master drive.
    > If you format, lose or otherwise lose access to the primary, your data is as
    > good as gone and you should not expect to regain access EVER.
    > See the links near the bottom of this page for proper procedures to help you
    > protect your data:
    > http://www3.telus.net/dandemar/encrypt.htm
    >
    > --
    > Jupiter Jones [MVP]
    > http://www3.telus.net/dandemar
    > http://www.dts-l.org
    >
    >
    > "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    > > If I encrypt my files with EFS on a slave drive and then remove the drive
    > > from the computer to use in another computer (ex. if the original computer
    > > breaks down), will I still be able to read them from the other computer or
    > > do
    > > I need the master drive? -Mihir
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
    > So if I export the certificate from Internet Explorer and save it on my
    > slave
    > drive, I should be able to see the files on an XP Pro computer after
    > importing the certificate, right? -Mihir

    Probably if you are in a AD environment. If you are are not then a lot of
    trial and error is usually involved in getting it working. If you are not in
    a domain I suggest you search for an alternate encryption method.

    Kerry

    >
    > "Jupiter Jones [MVP]" wrote:
    >
    >> You need the keys which will probably be on the master drive.
    >> If you format, lose or otherwise lose access to the primary, your data is
    >> as
    >> good as gone and you should not expect to regain access EVER.
    >> See the links near the bottom of this page for proper procedures to help
    >> you
    >> protect your data:
    >> http://www3.telus.net/dandemar/encrypt.htm
    >>
    >> --
    >> Jupiter Jones [MVP]
    >> http://www3.telus.net/dandemar
    >> http://www.dts-l.org
    >>
    >>
    >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    >> > If I encrypt my files with EFS on a slave drive and then remove the
    >> > drive
    >> > from the computer to use in another computer (ex. if the original
    >> > computer
    >> > breaks down), will I still be able to read them from the other computer
    >> > or
    >> > do
    >> > I need the master drive? -Mihir
    >>
    >>
    >>
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    So it isn't as easy as importing the certificate on the second computer and
    then being able to use the files as if it was on the first computer? -Mihir

    "Kerry Brown" wrote:

    > "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
    > > So if I export the certificate from Internet Explorer and save it on my
    > > slave
    > > drive, I should be able to see the files on an XP Pro computer after
    > > importing the certificate, right? -Mihir
    >
    > Probably if you are in a AD environment. If you are are not then a lot of
    > trial and error is usually involved in getting it working. If you are not in
    > a domain I suggest you search for an alternate encryption method.
    >
    > Kerry
    >
    > >
    > > "Jupiter Jones [MVP]" wrote:
    > >
    > >> You need the keys which will probably be on the master drive.
    > >> If you format, lose or otherwise lose access to the primary, your data is
    > >> as
    > >> good as gone and you should not expect to regain access EVER.
    > >> See the links near the bottom of this page for proper procedures to help
    > >> you
    > >> protect your data:
    > >> http://www3.telus.net/dandemar/encrypt.htm
    > >>
    > >> --
    > >> Jupiter Jones [MVP]
    > >> http://www3.telus.net/dandemar
    > >> http://www.dts-l.org
    > >>
    > >>
    > >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    > >> > If I encrypt my files with EFS on a slave drive and then remove the
    > >> > drive
    > >> > from the computer to use in another computer (ex. if the original
    > >> > computer
    > >> > breaks down), will I still be able to read them from the other computer
    > >> > or
    > >> > do
    > >> > I need the master drive? -Mihir
    > >>
    > >>
    > >>
    >
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
    > So it isn't as easy as importing the certificate on the second computer
    > and
    > then being able to use the files as if it was on the first
    > omputer? -Mihir
    >

    If you are using AD yes, If not, then no. It can be made to work out of a
    domain but it is complicated, time consuming, and fraught with the
    possibilty of data loss. If you use it make sure you test encrypting and
    decrypting several times on several computers so you know how it works
    inside out. Make sure you have copies of the certificates with keys stored
    in a safe place, like on several floppies and/or CDROMs stored away
    somewhere. It is best to have an image of the system used to encrypt the
    files stored somewhere as well.

    Kerry

    > "Kerry Brown" wrote:
    >
    >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
    >> > So if I export the certificate from Internet Explorer and save it on my
    >> > slave
    >> > drive, I should be able to see the files on an XP Pro computer after
    >> > importing the certificate, right? -Mihir
    >>
    >> Probably if you are in a AD environment. If you are are not then a lot of
    >> trial and error is usually involved in getting it working. If you are not
    >> in
    >> a domain I suggest you search for an alternate encryption method.
    >>
    >> Kerry
    >>
    >> >
    >> > "Jupiter Jones [MVP]" wrote:
    >> >
    >> >> You need the keys which will probably be on the master drive.
    >> >> If you format, lose or otherwise lose access to the primary, your data
    >> >> is
    >> >> as
    >> >> good as gone and you should not expect to regain access EVER.
    >> >> See the links near the bottom of this page for proper procedures to
    >> >> help
    >> >> you
    >> >> protect your data:
    >> >> http://www3.telus.net/dandemar/encrypt.htm
    >> >>
    >> >> --
    >> >> Jupiter Jones [MVP]
    >> >> http://www3.telus.net/dandemar
    >> >> http://www.dts-l.org
    >> >>
    >> >>
    >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    >> >> message
    >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    >> >> > If I encrypt my files with EFS on a slave drive and then remove the
    >> >> > drive
    >> >> > from the computer to use in another computer (ex. if the original
    >> >> > computer
    >> >> > breaks down), will I still be able to read them from the other
    >> >> > computer
    >> >> > or
    >> >> > do
    >> >> > I need the master drive? -Mihir
    >> >>
    >> >>
    >> >>
    >>
    >>
    >>
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I have Windows Server 2003 as a domain controller and it has the slave drive
    I am talking about. I also have a Win XP Pro computer. I want to be able to
    read the files on the slave drive of the Server on the XP computer in case
    the server breaks down (meaning the domain would also not work) and I need
    the files urgently. What is the barrier that makes the process so time
    consuming? -Mihir

    "Kerry Brown" wrote:

    > "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
    > > So it isn't as easy as importing the certificate on the second computer
    > > and
    > > then being able to use the files as if it was on the first
    > > omputer? -Mihir
    > >
    >
    > If you are using AD yes, If not, then no. It can be made to work out of a
    > domain but it is complicated, time consuming, and fraught with the
    > possibilty of data loss. If you use it make sure you test encrypting and
    > decrypting several times on several computers so you know how it works
    > inside out. Make sure you have copies of the certificates with keys stored
    > in a safe place, like on several floppies and/or CDROMs stored away
    > somewhere. It is best to have an image of the system used to encrypt the
    > files stored somewhere as well.
    >
    > Kerry
    >
    > > "Kerry Brown" wrote:
    > >
    > >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
    > >> > So if I export the certificate from Internet Explorer and save it on my
    > >> > slave
    > >> > drive, I should be able to see the files on an XP Pro computer after
    > >> > importing the certificate, right? -Mihir
    > >>
    > >> Probably if you are in a AD environment. If you are are not then a lot of
    > >> trial and error is usually involved in getting it working. If you are not
    > >> in
    > >> a domain I suggest you search for an alternate encryption method.
    > >>
    > >> Kerry
    > >>
    > >> >
    > >> > "Jupiter Jones [MVP]" wrote:
    > >> >
    > >> >> You need the keys which will probably be on the master drive.
    > >> >> If you format, lose or otherwise lose access to the primary, your data
    > >> >> is
    > >> >> as
    > >> >> good as gone and you should not expect to regain access EVER.
    > >> >> See the links near the bottom of this page for proper procedures to
    > >> >> help
    > >> >> you
    > >> >> protect your data:
    > >> >> http://www3.telus.net/dandemar/encrypt.htm
    > >> >>
    > >> >> --
    > >> >> Jupiter Jones [MVP]
    > >> >> http://www3.telus.net/dandemar
    > >> >> http://www.dts-l.org
    > >> >>
    > >> >>
    > >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    > >> >> message
    > >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    > >> >> > If I encrypt my files with EFS on a slave drive and then remove the
    > >> >> > drive
    > >> >> > from the computer to use in another computer (ex. if the original
    > >> >> > computer
    > >> >> > breaks down), will I still be able to read them from the other
    > >> >> > computer
    > >> >> > or
    > >> >> > do
    > >> >> > I need the master drive? -Mihir
    > >> >>
    > >> >>
    > >> >>
    > >>
    > >>
    > >>
    >
    >
    >
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    news:EAABE9E3-8095-42AF-B103-8ED85E457382@microsoft.com...
    >I have Windows Server 2003 as a domain controller and it has the slave
    >drive
    > I am talking about. I also have a Win XP Pro computer. I want to be able
    > to
    > read the files on the slave drive of the Server on the XP computer in case
    > the server breaks down (meaning the domain would also not work) and I need
    > the files urgently. What is the barrier that makes the process so time
    > consuming? -Mihir
    >

    There are several steps that must be done in exactly the right order. That
    is why I recommend you test it on several computers first. Make sure one of
    the computers you test it on is not and never has been joined to the domain.
    The testing and learning how it works is the time consuming part. EFS works
    exactly as advertised. It is impossible to decrypt if something goes wrong.
    Theoretically if you had access to a super computer and the MS algorithms
    you may be able to break it. You are better off with using physical security
    (i.e. locking up the data in a safe place) if at all possible. In any case
    make sure you have the server backed up. You may not be able to decrypt the
    files until AD is up and running again.

    Kerry


    > "Kerry Brown" wrote:
    >
    >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    >> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
    >> > So it isn't as easy as importing the certificate on the second computer
    >> > and
    >> > then being able to use the files as if it was on the first
    >> > omputer? -Mihir
    >> >
    >>
    >> If you are using AD yes, If not, then no. It can be made to work out of a
    >> domain but it is complicated, time consuming, and fraught with the
    >> possibilty of data loss. If you use it make sure you test encrypting and
    >> decrypting several times on several computers so you know how it works
    >> inside out. Make sure you have copies of the certificates with keys
    >> stored
    >> in a safe place, like on several floppies and/or CDROMs stored away
    >> somewhere. It is best to have an image of the system used to encrypt the
    >> files stored somewhere as well.
    >>
    >> Kerry
    >>
    >> > "Kerry Brown" wrote:
    >> >
    >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    >> >> message
    >> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
    >> >> > So if I export the certificate from Internet Explorer and save it on
    >> >> > my
    >> >> > slave
    >> >> > drive, I should be able to see the files on an XP Pro computer after
    >> >> > importing the certificate, right? -Mihir
    >> >>
    >> >> Probably if you are in a AD environment. If you are are not then a lot
    >> >> of
    >> >> trial and error is usually involved in getting it working. If you are
    >> >> not
    >> >> in
    >> >> a domain I suggest you search for an alternate encryption method.
    >> >>
    >> >> Kerry
    >> >>
    >> >> >
    >> >> > "Jupiter Jones [MVP]" wrote:
    >> >> >
    >> >> >> You need the keys which will probably be on the master drive.
    >> >> >> If you format, lose or otherwise lose access to the primary, your
    >> >> >> data
    >> >> >> is
    >> >> >> as
    >> >> >> good as gone and you should not expect to regain access EVER.
    >> >> >> See the links near the bottom of this page for proper procedures to
    >> >> >> help
    >> >> >> you
    >> >> >> protect your data:
    >> >> >> http://www3.telus.net/dandemar/encrypt.htm
    >> >> >>
    >> >> >> --
    >> >> >> Jupiter Jones [MVP]
    >> >> >> http://www3.telus.net/dandemar
    >> >> >> http://www.dts-l.org
    >> >> >>
    >> >> >>
    >> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    >> >> >> message
    >> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    >> >> >> > If I encrypt my files with EFS on a slave drive and then remove
    >> >> >> > the
    >> >> >> > drive
    >> >> >> > from the computer to use in another computer (ex. if the original
    >> >> >> > computer
    >> >> >> > breaks down), will I still be able to read them from the other
    >> >> >> > computer
    >> >> >> > or
    >> >> >> > do
    >> >> >> > I need the master drive? -Mihir
    >> >> >>
    >> >> >>
    >> >> >>
    >> >>
    >> >>
    >> >>
    >>
    >>
    >>
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I just went to Help and Support Center to see if it says anything. On
    ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_agent.htm, it says
    "An alternate procedure would involve physically transporting the recovery
    agent's private key and certificate, importing the private key and
    certificate, decrypting the file or folder, and then deleting the imported
    private key and certificate. This procedure exposes the private key more than
    the procedure above but does not require any backup or restore operations or
    file transportation."

    In ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_encrypted.htm, it
    says "You can recover an encrypted file or folder yourself if you have kept a
    backup copy of your file encryption certificate and private key in a .pfx
    file format on a floppy disk. Use the import command from Certificates in
    Microsoft Management Console (MMC) to import the .pfx file from the floppy
    disk into the Personal store."

    I am very sorry that I didn't go to Help and Support Center before sending a
    message to this newsgroup. -Mihir

    "Kerry Brown" wrote:

    > "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > news:EAABE9E3-8095-42AF-B103-8ED85E457382@microsoft.com...
    > >I have Windows Server 2003 as a domain controller and it has the slave
    > >drive
    > > I am talking about. I also have a Win XP Pro computer. I want to be able
    > > to
    > > read the files on the slave drive of the Server on the XP computer in case
    > > the server breaks down (meaning the domain would also not work) and I need
    > > the files urgently. What is the barrier that makes the process so time
    > > consuming? -Mihir
    > >
    >
    > There are several steps that must be done in exactly the right order. That
    > is why I recommend you test it on several computers first. Make sure one of
    > the computers you test it on is not and never has been joined to the domain.
    > The testing and learning how it works is the time consuming part. EFS works
    > exactly as advertised. It is impossible to decrypt if something goes wrong.
    > Theoretically if you had access to a super computer and the MS algorithms
    > you may be able to break it. You are better off with using physical security
    > (i.e. locking up the data in a safe place) if at all possible. In any case
    > make sure you have the server backed up. You may not be able to decrypt the
    > files until AD is up and running again.
    >
    > Kerry
    >
    >
    > > "Kerry Brown" wrote:
    > >
    > >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > >> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
    > >> > So it isn't as easy as importing the certificate on the second computer
    > >> > and
    > >> > then being able to use the files as if it was on the first
    > >> > omputer? -Mihir
    > >> >
    > >>
    > >> If you are using AD yes, If not, then no. It can be made to work out of a
    > >> domain but it is complicated, time consuming, and fraught with the
    > >> possibilty of data loss. If you use it make sure you test encrypting and
    > >> decrypting several times on several computers so you know how it works
    > >> inside out. Make sure you have copies of the certificates with keys
    > >> stored
    > >> in a safe place, like on several floppies and/or CDROMs stored away
    > >> somewhere. It is best to have an image of the system used to encrypt the
    > >> files stored somewhere as well.
    > >>
    > >> Kerry
    > >>
    > >> > "Kerry Brown" wrote:
    > >> >
    > >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    > >> >> message
    > >> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
    > >> >> > So if I export the certificate from Internet Explorer and save it on
    > >> >> > my
    > >> >> > slave
    > >> >> > drive, I should be able to see the files on an XP Pro computer after
    > >> >> > importing the certificate, right? -Mihir
    > >> >>
    > >> >> Probably if you are in a AD environment. If you are are not then a lot
    > >> >> of
    > >> >> trial and error is usually involved in getting it working. If you are
    > >> >> not
    > >> >> in
    > >> >> a domain I suggest you search for an alternate encryption method.
    > >> >>
    > >> >> Kerry
    > >> >>
    > >> >> >
    > >> >> > "Jupiter Jones [MVP]" wrote:
    > >> >> >
    > >> >> >> You need the keys which will probably be on the master drive.
    > >> >> >> If you format, lose or otherwise lose access to the primary, your
    > >> >> >> data
    > >> >> >> is
    > >> >> >> as
    > >> >> >> good as gone and you should not expect to regain access EVER.
    > >> >> >> See the links near the bottom of this page for proper procedures to
    > >> >> >> help
    > >> >> >> you
    > >> >> >> protect your data:
    > >> >> >> http://www3.telus.net/dandemar/encrypt.htm
    > >> >> >>
    > >> >> >> --
    > >> >> >> Jupiter Jones [MVP]
    > >> >> >> http://www3.telus.net/dandemar
    > >> >> >> http://www.dts-l.org
    > >> >> >>
    > >> >> >>
    > >> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    > >> >> >> message
    > >> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    > >> >> >> > If I encrypt my files with EFS on a slave drive and then remove
    > >> >> >> > the
    > >> >> >> > drive
    > >> >> >> > from the computer to use in another computer (ex. if the original
    > >> >> >> > computer
    > >> >> >> > breaks down), will I still be able to read them from the other
    > >> >> >> > computer
    > >> >> >> > or
    > >> >> >> > do
    > >> >> >> > I need the master drive? -Mihir
    > >> >> >>
    > >> >> >>
    > >> >> >>
    > >> >>
    > >> >>
    > >> >>
    > >>
    > >>
    > >>
    >
    >
    >
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    news:BD896F4D-53B5-4739-88C7-220C0F46F435@microsoft.com...
    >I just went to Help and Support Center to see if it says anything. On
    > ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_agent.htm, it says
    > "An alternate procedure would involve physically transporting the recovery
    > agent's private key and certificate, importing the private key and
    > certificate, decrypting the file or folder, and then deleting the imported
    > private key and certificate. This procedure exposes the private key more
    > than
    > the procedure above but does not require any backup or restore operations
    > or
    > file transportation."
    >
    > In ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_encrypted.htm,
    > it
    > says "You can recover an encrypted file or folder yourself if you have
    > kept a
    > backup copy of your file encryption certificate and private key in a .pfx
    > file format on a floppy disk. Use the import command from Certificates in
    > Microsoft Management Console (MMC) to import the .pfx file from the floppy
    > disk into the Personal store."
    >
    > I am very sorry that I didn't go to Help and Support Center before sending
    > a
    > message to this newsgroup. -Mihir
    >

    As I have already said numerous times. Try it to see if it works for you.
    Encrypt a test file. Try to decrypt it on a computer that is not and has
    never been in the domain. Until you test this and can do it several times
    with different files in different situations do not rely on doing it in a
    panic situation. Google to see all the problems people have with EFS. It
    works great. It can be made to do what you want to do. If something goes
    wrong you will lose your data. There are many things that can go wrong.

    Kerry

    > "Kerry Brown" wrote:
    >
    >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    >> news:EAABE9E3-8095-42AF-B103-8ED85E457382@microsoft.com...
    >> >I have Windows Server 2003 as a domain controller and it has the slave
    >> >drive
    >> > I am talking about. I also have a Win XP Pro computer. I want to be
    >> > able
    >> > to
    >> > read the files on the slave drive of the Server on the XP computer in
    >> > case
    >> > the server breaks down (meaning the domain would also not work) and I
    >> > need
    >> > the files urgently. What is the barrier that makes the process so time
    >> > consuming? -Mihir
    >> >
    >>
    >> There are several steps that must be done in exactly the right order.
    >> That
    >> is why I recommend you test it on several computers first. Make sure one
    >> of
    >> the computers you test it on is not and never has been joined to the
    >> domain.
    >> The testing and learning how it works is the time consuming part. EFS
    >> works
    >> exactly as advertised. It is impossible to decrypt if something goes
    >> wrong.
    >> Theoretically if you had access to a super computer and the MS algorithms
    >> you may be able to break it. You are better off with using physical
    >> security
    >> (i.e. locking up the data in a safe place) if at all possible. In any
    >> case
    >> make sure you have the server backed up. You may not be able to decrypt
    >> the
    >> files until AD is up and running again.
    >>
    >> Kerry
    >>
    >>
    >> > "Kerry Brown" wrote:
    >> >
    >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    >> >> message
    >> >> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
    >> >> > So it isn't as easy as importing the certificate on the second
    >> >> > computer
    >> >> > and
    >> >> > then being able to use the files as if it was on the first
    >> >> > omputer? -Mihir
    >> >> >
    >> >>
    >> >> If you are using AD yes, If not, then no. It can be made to work out
    >> >> of a
    >> >> domain but it is complicated, time consuming, and fraught with the
    >> >> possibilty of data loss. If you use it make sure you test encrypting
    >> >> and
    >> >> decrypting several times on several computers so you know how it works
    >> >> inside out. Make sure you have copies of the certificates with keys
    >> >> stored
    >> >> in a safe place, like on several floppies and/or CDROMs stored away
    >> >> somewhere. It is best to have an image of the system used to encrypt
    >> >> the
    >> >> files stored somewhere as well.
    >> >>
    >> >> Kerry
    >> >>
    >> >> > "Kerry Brown" wrote:
    >> >> >
    >> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    >> >> >> message
    >> >> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
    >> >> >> > So if I export the certificate from Internet Explorer and save it
    >> >> >> > on
    >> >> >> > my
    >> >> >> > slave
    >> >> >> > drive, I should be able to see the files on an XP Pro computer
    >> >> >> > after
    >> >> >> > importing the certificate, right? -Mihir
    >> >> >>
    >> >> >> Probably if you are in a AD environment. If you are are not then a
    >> >> >> lot
    >> >> >> of
    >> >> >> trial and error is usually involved in getting it working. If you
    >> >> >> are
    >> >> >> not
    >> >> >> in
    >> >> >> a domain I suggest you search for an alternate encryption method.
    >> >> >>
    >> >> >> Kerry
    >> >> >>
    >> >> >> >
    >> >> >> > "Jupiter Jones [MVP]" wrote:
    >> >> >> >
    >> >> >> >> You need the keys which will probably be on the master drive.
    >> >> >> >> If you format, lose or otherwise lose access to the primary,
    >> >> >> >> your
    >> >> >> >> data
    >> >> >> >> is
    >> >> >> >> as
    >> >> >> >> good as gone and you should not expect to regain access EVER.
    >> >> >> >> See the links near the bottom of this page for proper procedures
    >> >> >> >> to
    >> >> >> >> help
    >> >> >> >> you
    >> >> >> >> protect your data:
    >> >> >> >> http://www3.telus.net/dandemar/encrypt.htm
    >> >> >> >>
    >> >> >> >> --
    >> >> >> >> Jupiter Jones [MVP]
    >> >> >> >> http://www3.telus.net/dandemar
    >> >> >> >> http://www.dts-l.org
    >> >> >> >>
    >> >> >> >>
    >> >> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
    >> >> >> >> message
    >> >> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    >> >> >> >> > If I encrypt my files with EFS on a slave drive and then
    >> >> >> >> > remove
    >> >> >> >> > the
    >> >> >> >> > drive
    >> >> >> >> > from the computer to use in another computer (ex. if the
    >> >> >> >> > original
    >> >> >> >> > computer
    >> >> >> >> > breaks down), will I still be able to read them from the other
    >> >> >> >> > computer
    >> >> >> >> > or
    >> >> >> >> > do
    >> >> >> >> > I need the master drive? -Mihir
    >> >> >> >>
    >> >> >> >>
    >> >> >> >>
    >> >> >>
    >> >> >>
    >> >> >>
    >> >>
    >> >>
    >> >>
    >>
    >>
    >>
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Here are a few tips to make it work:

    1. The second computer must be using the same (or higher) encryption
    algorithm as the first. (WS2003 and WXPsp2 both use AES.)
    2. When exporting, select to export the private key. (The export should
    create a .pfx file.)
    3. When importing the .pfx file, *do not* select to enable strong private
    key protection. (Take the default settings during the import and you'll be
    okay.)
    4. You'll need at least READ permission on the files. You may have to take
    ownership when on the second computer.

    Thanks.
    Pat

    Thanks.
    Pat
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Mihir Kotwal" wrote:

    > So if I export the certificate from Internet Explorer and save it on my slave
    > drive, I should be able to see the files on an XP Pro computer after
    > importing the certificate, right? -Mihir
    >
    > "Jupiter Jones [MVP]" wrote:
    >
    > > You need the keys which will probably be on the master drive.
    > > If you format, lose or otherwise lose access to the primary, your data is as
    > > good as gone and you should not expect to regain access EVER.
    > > See the links near the bottom of this page for proper procedures to help you
    > > protect your data:
    > > http://www3.telus.net/dandemar/encrypt.htm
    > >
    > > --
    > > Jupiter Jones [MVP]
    > > http://www3.telus.net/dandemar
    > > http://www.dts-l.org
    > >
    > >
    > > "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
    > > news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
    > > > If I encrypt my files with EFS on a slave drive and then remove the drive
    > > > from the computer to use in another computer (ex. if the original computer
    > > > breaks down), will I still be able to read them from the other computer or
    > > > do
    > > > I need the master drive? -Mihir
    > >
    > >
    > >
Ask a new question

Read More

Security Computers Microsoft Windows XP