EFS in a workgroup

[Richard Nichols]

I have a home network with a Windows XP Pro and a Windows
2000 Pro configured with a LinkSys 802.11b router as a
Workgroup. When I use EFS to encrypt documents I can
access I can successfully read the encrypted documents on
a Windows 2000 share from the Windows XP Pro PC.
However, I can not read encrypted documents on the
Windows XP share from the Windows 2000 PC. I don't
believe the problem is permissions related as I have no
problem with clear text documents in the same share on
the XP. The User ID/password are the same. I don't see
any security policies or services that are configured
differently between the two systems.

 

[Star Fleet Admiral Q]

You'll need to export the EFS certificate of the logon used to encrypt the
documents and import this certificate into the logon being used to view them
on the other machine.

 

[Roger Abell]

even if you imported the certificate/key into the other
system, you will encounter incompatibility between
W2k and XP Sp1 due to difference in the encryption
algorithms. There are reg settings to reduce the strength
of XP algorithms to match W2k but it is a reduction in
EFS safety.

 

[Laudon Williams [MSFT]]

You may find this useful:
http://www.microsoft.com/technet/tr...chnet/prodtechnol/winxppro/deploy/CryptFS.asp

 

[Drew Cooper [MSFT]]

It's not a permissions problem.
Remote EFS over SMB was never intended to work at all in a workgroup. There
was a bug in DPAPI that allowed you to access encrypted files shared from a
Win2k machine. The bug was fixed in XP and Server 2003. I believe the bug
is also fixed in the next service pack for Win2k - don't expect this to work
when you install SP5. (Sorry to be the bearer of bad news.)

If you only access the files from XP machines, you could set up IIS and use
WebDAV.