Archived from groups: microsoft.public.windowsxp.security_admin
"Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
news:BD896F4D-53B5-4739-88C7-220C0F46F435@microsoft.com...
> I just went to Help and Support Center to see if it says anything. On
> ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_agent.htm, it says
> "An alternate procedure would involve physically transporting the recovery
> agent's private key and certificate, importing the private key and
> certificate, decrypting the file or folder, and then deleting the imported
> private key and certificate. This procedure exposes the private key more
> than the procedure above but does not require any backup or restore
> operations or file transportation."
>
> In ms-its:C:\WINDOWS\Help\encrypt.chm::/encrypt_to_recover_encrypted.htm,
> it says "You can recover an encrypted file or folder yourself if you have
> kept a backup copy of your file encryption certificate and private key in a
> .pfx file format on a floppy disk. Use the import command from Certificates
> in Microsoft Management Console (MMC) to import the .pfx file from the
> floppy disk into the Personal store."
>
> I am very sorry that I didn't go to Help and Support Center before sending
> a message to this newsgroup. -Mihir
>
As I have already said numerous times, try it to see if it works for you.
Encrypt a test file. Try to decrypt it on a computer that is not and has
never been in the domain. Until you test this and can do it several times
with different files in different situations, do not rely on doing it in a
panic situation. Google to see all the problems people have with EFS. It
works great. It can be made to do what you want to do. If something goes
wrong you will lose your data. There are many things that can go wrong.
Kerry
> "Kerry Brown" wrote:
>
>> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in message
>> news:EAABE9E3-8095-42AF-B103-8ED85E457382@microsoft.com...
>> > I have Windows Server 2003 as a domain controller and it has the slave
>> > drive I am talking about. I also have a Win XP Pro computer. I want to be
>> > able to read the files on the slave drive of the Server on the XP computer
>> > in case the server breaks down (meaning the domain would also not work)
>> > and I need the files urgently. What is the barrier that makes the process
>> > so time consuming? -Mihir
>> >
>>
>> There are several steps that must be done in exactly the right order. That
>> is why I recommend you test it on several computers first. Make sure one of
>> the computers you test it on is not and never has been joined to the domain.
>> The testing and learning how it works is the time consuming part. EFS works
>> exactly as advertised. It is impossible to decrypt if something goes wrong.
>> Theoretically if you had access to a super computer and the MS algorithms
>> you may be able to break it. You are better off with using physical security
>> (i.e. locking up the data in a safe place) if at all possible. In any case
>> make sure you have the server backed up. You may not be able to decrypt the
>> files until AD is up and running again.
>>
>> Kerry
>>
>>
>> > "Kerry Brown" wrote:
>> >
>> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> message
>> >> news:86499816-A33C-48F9-9470-E2567B0A982A@microsoft.com...
>> >> > So it isn't as easy as importing the certificate on the second
>> >> > computer and then being able to use the files as if it was on the
>> >> > first computer? -Mihir
>> >> >
>> >>
>> >> If you are using AD, yes. If not, then no. It can be made to work out
>> >> of a domain but it is complicated, time consuming, and fraught with the
>> >> possibility of data loss. If you use it make sure you test encrypting
>> >> and decrypting several times on several computers so you know how it
>> >> works inside out. Make sure you have copies of the certificates with
>> >> keys stored in a safe place, like on several floppies and/or CDROMs
>> >> stored away somewhere. It is best to have an image of the system used to
>> >> encrypt the files stored somewhere as well.
>> >>
>> >> Kerry
>> >>
>> >> > "Kerry Brown" wrote:
>> >> >
>> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> >> message
>> >> >> news:A6A4339C-DF82-4084-A8D0-87764BC52B0F@microsoft.com...
>> >> >> > So if I export the certificate from Internet Explorer and save it
>> >> >> > on my slave drive, I should be able to see the files on an XP Pro
>> >> >> > computer after importing the certificate, right? -Mihir
>> >> >>
>> >> >> Probably if you are in an AD environment. If you are not then a lot
>> >> >> of trial and error is usually involved in getting it working. If you
>> >> >> are not in a domain I suggest you search for an alternate encryption
>> >> >> method.
>> >> >>
>> >> >> Kerry
>> >> >>
>> >> >> >
>> >> >> > "Jupiter Jones [MVP]" wrote:
>> >> >> >
>> >> >> >> You need the keys which will probably be on the master drive.
>> >> >> >> If you format, lose or otherwise lose access to the primary, your
>> >> >> >> data is as good as gone and you should not expect to regain access
>> >> >> >> EVER.
>> >> >> >> See the links near the bottom of this page for proper procedures to
>> >> >> >> help you protect your data:
>> >> >> >> http://www3.telus.net/dandemar/encrypt.htm
>> >> >> >>
>> >> >> >> --
>> >> >> >> Jupiter Jones [MVP]
>> >> >> >> http://www3.telus.net/dandemar
>> >> >> >> http://www.dts-l.org
>> >> >> >>
>> >> >> >>
>> >> >> >> "Mihir Kotwal" <MihirKotwal@discussions.microsoft.com> wrote in
>> >> >> >> message
>> >> >> >> news:FC3C23FE-7420-4266-8CAC-22AEC30ECE46@microsoft.com...
>> >> >> >> > If I encrypt my files with EFS on a slave drive and then remove
>> >> >> >> > the drive from the computer to use in another computer (ex. if
>> >> >> >> > the original computer breaks down), will I still be able to read
>> >> >> >> > them from the other computer or do I need the master drive?
>> >> >> >> > -Mihir
>>
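
The recovery drill recommended in this thread (encrypt test files, back up the certificate and private key, then prove they decrypt on a machine that was never in the domain) can be scripted so it is repeatable. This batch file is an added example, not part of the original posts; the drive letters, folder names and backup file name are assumptions to adjust, and the folders must be on an NTFS volume.

```bat
@echo off
rem Added example: EFS recovery drill. Paths below are assumptions.
setlocal
set TESTDIR=E:\efs-test
set REFDIR=E:\efs-ref
set PFXBASE=A:\efs-backup

if /i "%~1"=="prepare" goto prepare
if /i "%~1"=="verify" goto verify
echo Usage: %~nx0 prepare ^| verify
exit /b 2

:prepare
rem Run on the machine that encrypts. REFDIR keeps plaintext reference copies.
if not exist "%TESTDIR%" mkdir "%TESTDIR%"
if not exist "%REFDIR%" mkdir "%REFDIR%"
for %%N in (1 2 3) do (
  rem Redirection is written first so a trailing digit is not read as a handle.
  >"%REFDIR%\test%%N.txt" echo EFS recovery test file %%N created %DATE% %TIME%
  copy /y "%REFDIR%\test%%N.txt" "%TESTDIR%\test%%N.txt" >nul
  cipher /e /a "%TESTDIR%\test%%N.txt"
)
rem Show the state of the test files; encrypted files are marked E.
cipher "%TESTDIR%\*"
rem Back up the current user's EFS certificate and private key to a .pfx.
rem cipher /x asks for confirmation and for a password to protect the file.
cipher /x "%PFXBASE%"
exit /b %errorlevel%

:verify
rem Run on the recovery machine after importing the .pfx into the Personal store.
set FAILED=0
for %%F in ("%REFDIR%\*.txt") do (
  rem fc returns 0 only if the encrypted copy opens and matches the reference.
  fc /b "%%F" "%TESTDIR%\%%~nxF" >nul 2>&1
  if errorlevel 1 (
    echo FAIL %%~nxF
    set FAILED=1
  ) else (
    echo OK   %%~nxF
  )
)
exit /b %FAILED%
```

Run `prepare` on the encrypting machine, move the drive and the .pfx, import the .pfx through Certificates in MMC as the quoted help text describes, then run `verify`; a non-zero exit code means at least one test file could not be read back.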