Re: About EFS and local certificate that I want to export

Hi Pascal,

EFS does not encrypt over the network as that would expose the data to
network snoops. However, if XP_A and B "trust each other for delegation", an
advanced security setting (and I think the Domain Controller must also
trust the workstations), this can be made to work.
You really need to set up a CA on your AD to manage the certs, plus fully
understand the processes involved. You can read all this on microsoft.com.

Good luck,
CreateWindow


"Pascal" <pascal_t@xxxxxxxxxxxxxxxxxx> wrote in message
news:mn.23907d753190e61a.70874@xxxxxxxxxxxxxxxxxxxxx
Hello,

I have tested something but I am not sure that I am right!

I have two computers, XP_A and XP_B, members of an Active Directory domain
with no certificate authority.
There are two users: Pascal and Isabelle.

1. Pascal logs on to XP_A and encrypts a file with EFS.
2. Pascal exports his certificate through Internet Explorer (with or
without the private key, the issue will be the same).
3. Now, on XP_B, an admin installs Pascal's certificate on the computer
(in the "Trusted People" store).
4. Isabelle logs on to XP_B and encrypts a file with EFS, then she adds
Pascal's certificate to authorize him to access this encrypted file.
5. Pascal is connected to XP_A and opens the encrypted files for which his
certificate is attached on XP_B, but he still gets access denied.

Question: Why is Pascal not able to access this file from the network?
(From XP_A to XP_B)

More generally, if I export an EFS user certificate from one computer to
another, can I access the encrypted file through the network?

With a certificate authority, I think there will be no problem, but I would
like to understand why it is not working like this.

Thank you :)

--
Pascal



