Encrypted files

P

Pauba

Hello guys:

I have three networked computers. 2 XPs, 1 W2000.
Files are kept in the W2000.
I can open files from shared folders normally.
Now, I have tried to encrypt those shared folders, but when I try to open
documents, they do not open anymore. E.g.: I have been trying to open a Word
document from my XP -- document is located in an encrypted shared folder in
the other computer (W2000). It does not work.
Note: User has full permission.

Does anybody can give me a clue of what I am doing wrong? Can a user access
a encrypted document remotely?

Thanks,

P Auba
 
K

Kerry Brown

Pauba said:
Hello guys:

I have three networked computers. 2 XPs, 1 W2000.
Files are kept in the W2000.
I can open files from shared folders normally.
Now, I have tried to encrypt those shared folders, but when I try to open
documents, they do not open anymore. E.g.: I have been trying to open a
Word document from my XP -- document is located in an encrypted shared
folder in the other computer (W2000). It does not work.
Note: User has full permission.

Does anybody can give me a clue of what I am doing wrong? Can a user
access a encrypted document remotely?
Click to expand...

Not easily in a workgroup environment. Be very careful with EFS. If you do
not backup the associated certificates and keys you will lose data
eventually. One of the problems is Windows 2000 and Windows XP use different
encryption methods. See the following link. Make sure you understand EFS
before you rely on it. Encrypt some files as a test. Until you can move
these files to another computer and de-crypt them on that computer logged in
as a local user on that computer you are in danger of losing data. Something
as simple as changing your password can render the files unusable.

http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Kerry
 
P

P Auba

So, If I understtod you correctly, it is better to avoid it if one is using
two different OSs (XP & 2000).
Even though this is not what I wanted to hear, it is of great help.

Thank you,

P Auba
 
S

Steven L Umbach

XP Pro can decrypt files encrypted by Windows 2000 but not vice versa. The
other problem is that the user trying to decrypt the files must have access
to EFS certificate/private key used to encrypt the files. Usually using EFS
on shared folders is done in a domain environment. What you could try is to
have the user who should be using EFS logon to the computer where the shares
are and encrypt a file which will generate a certificate/private key for the
user. Then have the user try it from a remote computer being sure he is
logged on with the same logon name/password on the remote computer. You
would first want to have the user export his certificate/private key to a
password protected.pfx file from the computer that has the share and then
import it into the remote computer he uses. As Kerry suggested be very
careful with EFS. Users MUST be trained to backup their EFS
certificate/private key to external media and keep in mind that formatting
an operating system to do a reinstall will destroy EFS certificates/private
keys and if backups were not made the EFS encrypted files will be
permanently unavailable. The same can happed due to file corruption. The
link below is a must read by anyone considering using EFS. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
 
K

Kerry Brown

It can be done (mixing OSs) but it is not easy to configure. The bigger
problem is making sure you can access the data if/when something goes wrong.
EFS works very well it is just complicated to set up. While theoretically
possible, realistically it is impossible to de-crypt the files if/when
something goes wrong. You are better off to use Share and NTFS permissions
to restrict access to data you don't want everyone to access. EFS works
great for data that must be taken off site as with laptops, etc. Even then
it must be used with care or you will lose data. All it takes is a user to
forget their password and an administrator to reset it and the data can be
lost.

Kerry
 
P

P Auba

import it into the remote computer he uses. As Kerry suggested be very
careful with EFS. Users MUST be trained to backup their EFS
certificate/private key to external media and keep in mind that formatting
an operating system to do a reinstall will destroy EFS
certificates/private keys and if backups were not made the EFS encrypted
files will be permanently unavailable. The same can happed due to file
corruption. The link below is a must read by anyone considering using
EFS. --- Steve
Click to expand...
Actually, in my environment, it seems more complex and less reliable
than I expected.
I'll be avoiding it for a while.

Thank you for your input.

P Auba
 
S

Steven L Umbach

No Problem. EFS in a workgroup can work very well on a users computer
[versus a share] as long as the user does have a backup of their EFS
certificate/private key or a clear text backup of their data. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Encrypting files on Windows XP: No Way 1
EFS, encryption and offline files 2
Encrypted folders 2
Opening EFS Encrypted XLS file in XP 1
decrypt my encrypted files 4
All new files are green (encrypted?) 1
can't access encrypted files 3
Letting Others Open Encrypted Files on a Network Share 3

Top