encrypted files (NTFS EFS) on external USB drive

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I need to put NTFS EFS files on a USB external drive and then be able to
read and use those files (with a password, of course) when that USB
drive is plugged into another computer.

I've created the drive and EFS encrypted files, and they work -- on the
computer on which they were created.

I exported the certificate (.pfx file) from the computer on which the
files were made, and imported it into the "target" computer, thinking
that this would give me access to the files on the target. However, it
did not (or quite possibly I did it wrong).

Can someone tell me how to do this? No data has been lost or anything,
I just want to understand how to create encrypted files on an external
USB drive and then access those files "normally" when that drive is
plugged into another computer.

Thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

yes, I know that, this was on an NTFS partition, as was stated in the
original question. EFS is working just fine; the question is, how to
read the encrypted files when the drive (a USB external drive with an
NTFS partition) is moved to another computer (also running XP Pro).


Som wrote:
> EFS works only on NTFS.
> Som
>

Original post:

I need to put NTFS EFS files on a USB external drive and then be able to
read and use those files (with a password, of course) when that USB
drive is plugged into another computer.

I've created the drive and EFS encrypted files, and they work -- on the
computer on which they were created.

I exported the certificate (.pfx file) from the computer on which the
files were made, and imported it into the "target" computer, thinking
that this would give me access to the files on the target. However, it
did not (or quite possibly I did it wrong).

Can someone tell me how to do this? No data has been lost or anything,
I just want to understand how to create encrypted files on an external
USB drive and then access those files "normally" when that drive is
plugged into another computer.

Thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

yes, I know that, this was on an NTFS partition, as was stated in the
original question. EFS is working just fine; the question is, how to
read the encrypted files when the drive (a USB external drive with an
NTFS partition) is moved to another computer (also running XP Pro).


Som wrote:
> EFS works only on NTFS.
> Som
>

Original post:

I need to put NTFS EFS files on a USB external drive and then be able to
read and use those files (with a password, of course) when that USB
drive is plugged into another computer.

I've created the drive and EFS encrypted files, and they work -- on the
computer on which they were created.

I exported the certificate (.pfx file) from the computer on which the
files were made, and imported it into the "target" computer, thinking
that this would give me access to the files on the target. However, it
did not (or quite possibly I did it wrong).

Can someone tell me how to do this? No data has been lost or anything,
I just want to understand how to create encrypted files on an external
USB drive and then access those files "normally" when that drive is
plugged into another computer.

Thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I've never tried what you're doing, but I would think it would work. Here's
a few things you may want to check:

1. Is the second machine the same XP (and service pack, if any) as the
first? The encryption algorithm is different between XP and XP SP1-2.
2. Do you have permissions to the files when you're accessing them on the
second machine. (You may have to take ownership.)
3. Are you sure you've imported the EFS private key and not just the
certificate? To check that, right-click the certificate (in your
Certificates snap-in) and select All Tasks > Export to launch the Export
Wizard. On the second page, is "Yes, export the private key" active or
grayed out? Grayed-out means the private key is missing; run the .pfx file
to import it. Active means the key is there.

Hope that helps.

Thanks.
Pat

"Barry Watzman" wrote:

> yes, I know that, this was on an NTFS partition, as was stated in the
> original question. EFS is working just fine; the question is, how to
> read the encrypted files when the drive (a USB external drive with an
> NTFS partition) is moved to another computer (also running XP Pro).
>
>
> Som wrote:
> > EFS works only on NTFS.
> > Som
> >
>
> Original post:
>
> I need to put NTFS EFS files on a USB external drive and then be able to
> read and use those files (with a password, of course) when that USB
> drive is plugged into another computer.
>
> I've created the drive and EFS encrypted files, and they work -- on the
> computer on which they were created.
>
> I exported the certificate (.pfx file) from the computer on which the
> files were made, and imported it into the "target" computer, thinking
> that this would give me access to the files on the target. However, it
> did not (or quite possibly I did it wrong).
>
> Can someone tell me how to do this? No data has been lost or anything,
> I just want to understand how to create encrypted files on an external
> USB drive and then access those files "normally" when that drive is
> plugged into another computer.
>
> Thanks
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

The second machine is also running XP Pro SP2 (the machines in question
are my desktop and my laptop, both running XP Pro SP2, in my residence,
not on a domain). There is no explicitly designated recovery agent, but
I am the only user on both machines.

It's not clear if I have the necessary "permission" on the laptop or
not, but I have tried taking ownership on the laptop (apparently
successfully) and it still won't let me open the encrypted files. The
message just says that you don't have the necessary rights and that the
file may be encrypted. It's a bit ambiguous as to why I can't open it,
however I believe it's because of encryption.

No, I'm not SURE that I imported the EFS private key and not just the
certificate. I'd appreciate instructions on both the export and the
import of whatever is needed. I did some reading and research and
followed what seemed to be instructions as well as possible, but all of
this was a bit unclear. I did what you said; "yes, export private key"
was active (not grayed out) and was checked, and the operation seemed to
complete successfully. On the laptop, I double clicked on it and it
seemed to import properly.


Pat Hoffer [MSFT] wrote:

> I've never tried what you're doing, but I would think it would work. Here's
> a few things you may want to check:
>
> 1. Is the second machine the same XP (and service pack, if any) as the
> first? The encryption algorithm is different between XP and XP SP1-2.
> 2. Do you have permissions to the files when you're accessing them on the
> second machine. (You may have to take ownership.)
> 3. Are you sure you've imported the EFS private key and not just the
> certificate? To check that, right-click the certificate (in your
> Certificates snap-in) and select All Tasks > Export to launch the Export
> Wizard. On the second page, is "Yes, export the private key" active or
> grayed out? Grayed-out means the private key is missing; run the .pfx file
> to import it. Active means the key is there.
>
> Hope that helps.
>
> Thanks.
> Pat
>
> "Barry Watzman" wrote:
>
>
>>yes, I know that, this was on an NTFS partition, as was stated in the
>>original question. EFS is working just fine; the question is, how to
>>read the encrypted files when the drive (a USB external drive with an
>>NTFS partition) is moved to another computer (also running XP Pro).
>>
>>
>>Som wrote:
>>
>>>EFS works only on NTFS.
>>>Som
>>>
>>
>>Original post:
>>
>>I need to put NTFS EFS files on a USB external drive and then be able to
>>read and use those files (with a password, of course) when that USB
>>drive is plugged into another computer.
>>
>>I've created the drive and EFS encrypted files, and they work -- on the
>>computer on which they were created.
>>
>>I exported the certificate (.pfx file) from the computer on which the
>>files were made, and imported it into the "target" computer, thinking
>>that this would give me access to the files on the target. However, it
>>did not (or quite possibly I did it wrong).
>>
>>Can someone tell me how to do this? No data has been lost or anything,
>>I just want to understand how to create encrypted files on an external
>>USB drive and then access those files "normally" when that drive is
>>plugged into another computer.
>>
>>Thanks
>>
 

som

Distinguished
Sep 18, 2002
5
0
18,510
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In article <425C3348.6030306@neo.rr.com>, WatzmanNOSPAM@neo.rr.com
says...

Oh, somehow I had a thought it was USB flash drive, not hard disk on
USB.

Files are encrypted for current recovery agents - if new certificate is
added later, you have to re-encrypt files (either "touch" it with
cipher.exe or de-encrypt again) to include new recovery agent.

cipher /U
"...Tries to touch all the encrypted files on local drives. This will
update user's file encryption key or recovery agent's key to the current
ones if they are changed. This option does not work with other options
except /N..."


Som


> yes, I know that, this was on an NTFS partition, as was stated in the
> original question. EFS is working just fine; the question is, how to
> read the encrypted files when the drive (a USB external drive with an
> NTFS partition) is moved to another computer (also running XP Pro).
>
>
> Som wrote:
> > EFS works only on NTFS.
> > Som
> >
>
> Original post:
>
> I need to put NTFS EFS files on a USB external drive and then be able to
> read and use those files (with a password, of course) when that USB
> drive is plugged into another computer.
>
> I've created the drive and EFS encrypted files, and they work -- on the
> computer on which they were created.
>
> I exported the certificate (.pfx file) from the computer on which the
> files were made, and imported it into the "target" computer, thinking
> that this would give me access to the files on the target. However, it
> did not (or quite possibly I did it wrong).
>
> Can someone tell me how to do this? No data has been lost or anything,
> I just want to understand how to create encrypted files on an external
> USB drive and then access those files "normally" when that drive is
> plugged into another computer.
>
> Thanks
>

--
Som, kripl.ing.
--
Dnevno umre 18000 djece mladje od 5g zbog gladi www.thehungersite.com
XOMU Elektricki casopiz za razbirazonodu i brigu www.somware.hr/xomu
SOMWARE Prvi privatni besplatni web domacin u Hrvata www.somware.hr
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Ok, this is a "home" system, not part of a domain, I am the only user,
there is no "recover agent" unless, being the only user, I am also a
default recovery agent. The OS is XP Pro SP2.

Can you tell me what to I need to do so that when I take this USB 200
gig NTFS hard drive to another computer (e.g. my laptop, also running XP
Pro), I can access the files?

I thought that I had exported the certificate (as a .pfx file) on the
desktop and imported it on the laptop. But whatever I did (possibly
incorrectly), it still didn't work.



Som wrote:
> In article <425C3348.6030306@neo.rr.com>, WatzmanNOSPAM@neo.rr.com
> says...
>
> Oh, somehow I had a thought it was USB flash drive, not hard disk on
> USB.
>
> Files are encrypted for current recovery agents - if new certificate is
> added later, you have to re-encrypt files (either "touch" it with
> cipher.exe or de-encrypt again) to include new recovery agent.
>
> cipher /U
> "...Tries to touch all the encrypted files on local drives. This will
> update user's file encryption key or recovery agent's key to the current
> ones if they are changed. This option does not work with other options
> except /N..."
>
>
> Som
>
>>yes, I know that, this was on an NTFS partition, as was stated in the
>>original question. EFS is working just fine; the question is, how to
>>read the encrypted files when the drive (a USB external drive with an
>>NTFS partition) is moved to another computer (also running XP Pro).
>>
>>
>>Som wrote:
>>
>>>EFS works only on NTFS.
>>>Som
>>>
>>
>>Original post:
>>
>>I need to put NTFS EFS files on a USB external drive and then be able to
>>read and use those files (with a password, of course) when that USB
>>drive is plugged into another computer.
>>
>>I've created the drive and EFS encrypted files, and they work -- on the
>>computer on which they were created.
>>
>>I exported the certificate (.pfx file) from the computer on which the
>>files were made, and imported it into the "target" computer, thinking
>>that this would give me access to the files on the target. However, it
>>did not (or quite possibly I did it wrong).
>>
>>Can someone tell me how to do this? No data has been lost or anything,
>>I just want to understand how to create encrypted files on an external
>>USB drive and then access those files "normally" when that drive is
>>plugged into another computer.
>>
>>Thanks
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Ok, this is a "home" system, not part of a domain, I am the only user,
there is no "recover agent" unless, being the only user, I am also a
default recovery agent. The OS is XP Pro SP2.

Can you tell me what to I need to do so that when I take this USB 200
gig NTFS hard drive to another computer (e.g. my laptop, also running XP
Pro), I can access the files?

I thought that I had exported the certificate (as a .pfx file) on the
desktop and imported it on the laptop. But whatever I did (possibly
incorrectly), it still didn't work.



Som wrote:
> In article <425C3348.6030306@neo.rr.com>, WatzmanNOSPAM@neo.rr.com
> says...
>
> Oh, somehow I had a thought it was USB flash drive, not hard disk on
> USB.
>
> Files are encrypted for current recovery agents - if new certificate is
> added later, you have to re-encrypt files (either "touch" it with
> cipher.exe or de-encrypt again) to include new recovery agent.
>
> cipher /U
> "...Tries to touch all the encrypted files on local drives. This will
> update user's file encryption key or recovery agent's key to the current
> ones if they are changed. This option does not work with other options
> except /N..."
>
>
> Som
>
>>yes, I know that, this was on an NTFS partition, as was stated in the
>>original question. EFS is working just fine; the question is, how to
>>read the encrypted files when the drive (a USB external drive with an
>>NTFS partition) is moved to another computer (also running XP Pro).
>>
>>
>>Som wrote:
>>
>>>EFS works only on NTFS.
>>>Som
>>>
>>
>>Original post:
>>
>>I need to put NTFS EFS files on a USB external drive and then be able to
>>read and use those files (with a password, of course) when that USB
>>drive is plugged into another computer.
>>
>>I've created the drive and EFS encrypted files, and they work -- on the
>>computer on which they were created.
>>
>>I exported the certificate (.pfx file) from the computer on which the
>>files were made, and imported it into the "target" computer, thinking
>>that this would give me access to the files on the target. However, it
>>did not (or quite possibly I did it wrong).
>>
>>Can someone tell me how to do this? No data has been lost or anything,
>>I just want to understand how to create encrypted files on an external
>>USB drive and then access those files "normally" when that drive is
>>plugged into another computer.
>>
>>Thanks
>>
>
>
 

galen

Distinguished
May 24, 2004
1,879
0
19,780
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:425C8AB0.1050203@neo.rr.com,
Barry Watzman <WatzmanNOSPAM@neo.rr.com> had this to say:

My reply is at the bottom of your sent message:

> The second machine is also running XP Pro SP2 (the machines in
> question are my desktop and my laptop, both running XP Pro SP2, in my
> residence, not on a domain). There is no explicitly designated
> recovery agent, but I am the only user on both machines.
>
> It's not clear if I have the necessary "permission" on the laptop or
> not, but I have tried taking ownership on the laptop (apparently
> successfully) and it still won't let me open the encrypted files. The
> message just says that you don't have the necessary rights and that
> the file may be encrypted. It's a bit ambiguous as to why I can't
> open it, however I believe it's because of encryption.
>
> No, I'm not SURE that I imported the EFS private key and not just the
> certificate. I'd appreciate instructions on both the export and the
> import of whatever is needed. I did some reading and research and
> followed what seemed to be instructions as well as possible, but all
> of this was a bit unclear. I did what you said; "yes, export private
> key" was active (not grayed out) and was checked, and the operation
> seemed to complete successfully. On the laptop, I double clicked on
> it and it seemed to import properly.

I don't want to hijack this thread but I see this problem so often that I'd
flagged it so that I can hopefully get a definitive answer. In this
particular case you can double check your steps. Here's a handy dandy Google
link that *should* give you about all you're interested in and help you
troubleshoot this as I too haven't ever tried this:

http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&q=export+efs+key+windows+xp+site%3Amicrosoft.com

I've found the most accurate answers for this troubling EFS stuff to be on
the Microsoft site so I've limited the search to just microsoft.com for you.
The first link looks pretty interesting and might be what you're looking
for. Basically, I'd just use that to double check the steps you've already
taken (it sounds like you're going in the right direction but might be
missing a step.)

To know if you've taken ownership of a file:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q308421

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
 

som

Distinguished
Sep 18, 2002
5
0
18,510
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Generally:


- encrypt file c:\A on PC1
- encrypt file c:\B on PC2
- cipher.exe /R on PC1
- cipher.exe /R on PC2
- exchange certificate files
- import cert file from PC1 to PC2 (double click)
- import cert file from PC2 to PC1 (double click)
- encrypt file C on USB drive on PC1
- you should be able to decrypt it on PC2

Som
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

follow this link for some helpful information
http://www.somacon.com/blog/page7.php


--
jintan_g
------------------------------------------------------------------------
jintan_g's Profile: http://forums.techarena.in/member.php?userid=1195
View this thread: http://forums.techarena.in/showthread.php?t=79632
| http://www.techarena.in | http://forums.techarena.in | http://gallery.techarena.in | http://forums.techarena.in/archive/index.php/ |