About EFS and local certificate that I want to export in SBS

From: Pascal <pascal_t@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 May 2007 15:23:13 +0200

Hello,

I have test something but I am not sure that I am right !

I have two computers XP_A and XP_B member of an active directory domain with no certificate authority.
There are two users : Pascal and Isabelle.

1. Pascal logs on XP_A and encrypt a file with EFS.
2. Pascal exports his certificate through Internet explorer (with or without the private key, the issue will be the same)
3. Now, on XP_B, an admin install the Pascal certificate on the computer (in the "Trusted People" store).
4. Isabelle logs on XP_B and encrypts a file with EFS, then she adds the Pascal certificate to authorize him to access this encrypted file.
5. Pascal is connected to XP_A and opens the encrypted files for which his certificate is attached on XP_B,but he still has an access denied.

Question : Why Pascal is not able to access this file from the network ? (From XP_A to XP_B)

More generally, if I export an EFS user certificate from one computer to another, can I access the encrypted file through the network.

With a certificate authority, I think there will be no problem but I would like to understand why like this it is not working.

Thank you !

--
Pascal

.

Follow-Ups:
- Re: About EFS and local certificate that I want to export in SBS
  - From: Dave Nickason [SBS MVP]

Prev by Date: Re: Event ID 1030 Userenv
Next by Date: Re: Vista Client Setup Problem
Previous by thread: Re: Event ID 1030 Userenv
Next by thread: Re: About EFS and local certificate that I want to export in SBS
Index(es):
- Date
- Thread

Relevant Pages

Re: EFS/DRA
... Associated with the user is a Cert Thumbprint. ... Does it state that you have the private key associated with the certificate? ... > test the data recovery agent before implementing EFS on my network. ... It is not a transfer of the encrypted file to your machine. ...
(microsoft.public.security)
EFS Pilot
... I'm trying to configure a EFS pilot on our domain. ... We are running Windows ... I'm trying to configure EFS to use a Certificate Authority to allow multiple ... users to have access to a single encrypted file. ...
(microsoft.public.windows.server.security)
RE: WinXP Encryption Added users "Access denied"
... onto the same computer--in other words, both users have profiles and EFS ... If you want to share files that have been encrypted on a remote server, ... publish that certificate to the AD. ... > encrypted file from PC1 or PC2, it takes a while, and sometimes clicking on ...
(microsoft.public.windowsxp.security_admin)
Re: Getting rid of my Certification Authority
... revoked my new certificate. ... have you checked to see if any EFS ... won't be able to share the encrypted file with that user. ... your EFS certificate you will be able to use it to encrypt new content as ...
(microsoft.public.security)
About EFS and local certificate that I want to export
... I have two computers XP_A and XP_B member of an active directory domain with no certificate authority. ... Isabelle logs on XP_B and encrypts a file with EFS, then she adds the Pascal certificate to authorize him to access this encrypted file. ... With a certificate authority, I think there will be no problem but I would like to understand why like this it is not working. ...
(microsoft.public.windows.server.general)