Re: NTFS File Encryption Question

I am certainly no expert on EFS and the XP implementation, but I do
know it is tied to the SID of the user account in question. I
strongly suspect that when you move the USB drive to the notebook,
then import the certificates, it won't decrypt them because the SIDs
on the two accounts don't match. They can't and never will.

On Mon, 11 Apr 2005 20:31:28 -0400, Barry Watzman
<WatzmanNOSPAM@xxxxxxxxxx> wrote:

>I just tried taking ownership, and it makes no difference. I clearly
>don't understand what is necessary to read an EFS encrytpted file on a
>USB external drive on a machine other than the one on which it was created.
>
>
>
>CS wrote:
>
>> On Mon, 11 Apr 2005 16:35:20 -0400, Barry Watzman
>> <WatzmanNOSPAM@xxxxxxxxxx> wrote:
>>
>>
>>>I have a USB removeable hard drive with two partitions, one FAT and one
>>>NTFS. Being very concerned about the security of the files stored on
>>>this device, I turned on file encrytpion for many files and folders, and
>>>those files and folders are now shown as "green" entries, which I've
>>>never used before.
>>>
>>>And I can read those files just fine on the computer on which I made them.
>>>
>>>Now, however, I wanted to be able to read those with my laptop, so I
>>>thought I would export the encryption keys to a ".pfx" file, which I did
>>>and put on the FAT partition, protected with a password.
>>>
>>>Now I put the USB drive on my notebook, and I click on the .pfx
>>>certificate file, and I "import" the certificate, telling it that I want
>>>a password to be required every time the certificate is used, and
>>>everything seems to go well.
>>>
>>>But when I try to open up an encrypted document on this drive on my
>>>notebook, I am still denied access.
>>>
>>>What do I need to do to be able to access these files on my laptop?
>>
>>
>> Try taking ownership of the files from your laptop computer while the
>> USB drive is attached.


.

Relevant Pages

  • Re: NTFS File Encryption Question
    ... >>> know it is tied to the SID of the user account in question. ... >NTFS file encryption is not for the faint of heart. ... Well, as I said at the outset, I'm no expert in EFS. ...
    (microsoft.public.windowsxp.general)
  • Re: NTFS File Encryption Question
    ... >I am certainly no expert on EFS and the XP implementation, ... >know it is tied to the SID of the user account in question. ...
    (microsoft.public.windowsxp.general)
  • RE: Is W2K EFS trivial to crack?
    ... > Unless the laptop is a DC, the user account would not be on that machine so one ... Microsoft saying that EFS does only work for domain members. ...
    (Security-Basics)
  • RE: Is W2K EFS trivial to crack?
    ... Unless the laptop is a DC, the user account would not be on that machine so ... Is W2K EFS trivial to crack? ... EFS-encrypted files scenario, someone could just reset the administrator ...
    (Security-Basics)
  • Re: Help Needed on Recovering Encrypted files
    ... When I encrypt a file from a user account I should be able to access those ... Only if you use the account that was created under the instance of Windows where you used EFS. ... The SID for an account on another host, or even on the same host, will be different. ... The SID is recorded in the SAM database, so there is a way to get around EFS if you know the login credentials for that SID-identified account but it is a convoluted procedure and only works under limited scenarios. ...
    (microsoft.public.windowsxp.general)