Re: NTFS File Encryption Question



In article <a7no51p189d8qimdbdlqhsjh1r3sre09ba@xxxxxxx>,
NobodyMan <none@xxxxxxxx> wrote:
>I am certainly no expert on EFS and the XP implementation, but I do
>know it is tied to the SID of the user account in question. I
>strongly suspect that when you move the USB drive to the notebook,
>then import the certificates, it won't decrypt them because the SIDs
>on the two accounts don't match. They can't and never will.

That doesn't sound right. If you export the keys to a floppy as a
disaster contingency plan the next machine you use the key on will
never have the same SID.


>
>On Mon, 11 Apr 2005 20:31:28 -0400, Barry Watzman
><WatzmanNOSPAM@xxxxxxxxxx> wrote:
>
>>I just tried taking ownership, and it makes no difference. I clearly
>>don't understand what is necessary to read an EFS encrypted file on a
>>USB external drive on a machine other than the one on which it was created.
>>
>>
>>
>>CS wrote:
>>
>>> On Mon, 11 Apr 2005 16:35:20 -0400, Barry Watzman
>>> <WatzmanNOSPAM@xxxxxxxxxx> wrote:
>>>
>>>
>>>>I have a USB removable hard drive with two partitions, one FAT and one
>>>>NTFS. Being very concerned about the security of the files stored on
>>>>this device, I turned on file encryption for many files and folders, and
>>>>those files and folders are now shown as "green" entries, which I've
>>>>never used before.
>>>>
>>>>And I can read those files just fine on the computer on which I made them.
>>>>
>>>>Now, however, I wanted to be able to read those with my laptop, so I
>>>>thought I would export the encryption keys to a ".pfx" file, which I did
>>>>and put on the FAT partition, protected with a password.
>>>>
>>>>Now I put the USB drive on my notebook, and I click on the .pfx
>>>>certificate file, and I "import" the certificate, telling it that I want
>>>>a password to be required every time the certificate is used, and
>>>>everything seems to go well.
>>>>
>>>>But when I try to open up an encrypted document on this drive on my
>>>>notebook, I am still denied access.
>>>>
>>>>What do I need to do to be able to access these files on my laptop?
>>>
>>>
>>> Try taking ownership of the files from your laptop computer while the
>>> USB drive is attached.
>
>


--
a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore.