EFS and moving files from old computer to new

[brian4]

So I have a user that has his my documents encrypted with the Microsoft EFS.
Back in August we did a domain migration and were able to export his
certificates out of his old profile and into his new domain profile and
access all of the encrypted documents.



Now he is moving to a new computer and we did the export and import with his
EFS certificate again but this time it can not access the encrypted
documents. We followed the same procedure and if you look at the details of
the encrypted file you can see the certificate that it is using. It has the
same thumbprint as the one that we imported onto the new one but still no
luck.



has anyone used the EFS much and if so have you run into any problems like
this?



Thanks

 

[Lem]

So I have a user that has his my documents encrypted with the Microsoft EFS.
Back in August we did a domain migration and were able to export his
certificates out of his old profile and into his new domain profile and
access all of the encrypted documents.



Now he is moving to a new computer and we did the export and import with his
EFS certificate again but this time it can not access the encrypted
documents. We followed the same procedure and if you look at the details of
the encrypted file you can see the certificate that it is using. It has the
same thumbprint as the one that we imported onto the new one but still no
luck.



has anyone used the EFS much and if so have you run into any problems like
this?



Thanks

Personally, I wouldn't touch EFS with a 10-foot pole. It's far too easy
to lose access to data ... and if the data is important enough to
encrypt, it's too important to lose.

 

[John Wunderlich]

=?Utf-8?B?YnJpYW40QG1haWwuY29t?=

So I have a user that has his my documents encrypted with the
Microsoft EFS. Back in August we did a domain migration and were
able to export his certificates out of his old profile and into
his new domain profile and access all of the encrypted documents.



Now he is moving to a new computer and we did the export and
import with his EFS certificate again but this time it can not
access the encrypted documents. We followed the same procedure
and if you look at the details of the encrypted file you can see
the certificate that it is using. It has the same thumbprint as
the one that we imported onto the new one but still no luck.



has anyone used the EFS much and if so have you run into any
problems like this?

I've read a lot of horror posts about what happens with EFS. I have
avoided it in favor of the freeware "Truecrypt" that is equally
secure but much more portable with regards to moving containers from
one machine or OS to another. I have used it for years and never
had a single problem. Never trust an OS to manage encryption keys
for you.

<http://www.truecrypt.org>

Regarding the problem you cite -- details are lacking. Is the
system you're moving it too also a Windows XP system? Are proper
file access/security permissions set? What kind of errors are
you getting?

Maybe some answers here:
"How Encrypting File System Works"
<http://technet.microsoft.com/en-us/library/cc781588(WS.10).aspx>

"Encrypting File System in Windows XP and Windows Server 2003"
<http://technet.microsoft.com/en-us/library/bb457065.aspx>

HTH,
John