Archived from groups: microsoft.public.windowsxp.general (
More info?)
On Mon, 13 Jun 2005 21:20:40 -0400, Barry Watzman
<WatzmanNOSPAM@neo.rr.com> wrote:
>
>Ok, I'm not the person who posted the non-question, but I have a
>question/problem on the same topic.
>
>I have a USB external drive that I plug into my desktop computer. On
>that drive I create encrypted files (using XP Pro's built-in EFS). I
>have no problem accessing those files on that drive on that computer.
>
>However, I want to be able to access those files when I plug that USB
>drive into another computer (my laptop), and I have not been able to
>figure out how to do it. I have tried exporting the keys (the .pfx
>file) from the desktop system and importing them into my laptop, that
>does not work. I have tried "taking ownership", that doesn't work.
>
>Please note, this is a "workgroup" situation, there is no domain or
>domain controller, there is no "recovery agent" or "recovery policy".
>
>I need step-by-step instructions for reading the EFS encrypted files on
>the portable usb hard drive when that drive is plugged into a computer
>other than the one on which the files were originally encrypted. Of
>course, I have full access to both machines and to any relevant passwords.
Now you see the problems with using EFS. The problem has to do with
non-matching SIDs between the two systems. I've never used EFS, so I
can't talk about how to import the certificates, but I know it can be
done. Somebody esle will have to talk you through that.
I just recommend NOT using EFS. It's a recipe for disaster. It is
high-level government grade encryption, but it's tied to the weakest
link in the world - a solid password that hardly any home user bothers
to use, or even create. If I can log on onto your account, then I can
read your securely encrypted files.
Further, what state-level high-security secrets of our nation are you
trying to protect on your home system? There are so many easier ways
to hide a porno collection!