EFS on 2 machines...same user

wwwmikecom

Is it possible to have the same user logged in on both machines sharing
EFS encrypted files?

What I want to do is to use the XP power toys Sync tool to Sync 2
encrypted machines. Is this possible? I've tried exporting certificates
and that doesn't seem to work or I'm doing it wrong.
 
Steven L Umbach

Make sure that you also export the EFS private key to import into another
computer. If you do that correctly you will create a password-protected file
with a .pfx extension. You will also need to do that before any other files
are encrypted on the other computer because the operating system will
generate a self-signed certificate/private key if there is none for the user
unless you are "sharing" the EFS file. In any case you need to make sure
that the right certificate/private key is used. You can use the efsinfo tool
or look at the properties of the file under advanced - details to see the
thumbprint of the certificate that can be used and compare to your EFS
certificate/private key.

Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices
 
wwwmikecom

Thanks. I think though I have something wrong. I tried that and I still
can't access those files. I even tried exporting ALL certs that are
intended for encryption and still no luck.
 
Steven L Umbach

Did you verify that you have a certificate AND private key for your user
account with a thumbprint that matches a certificate used for an EFS file
you are trying to decrypt? You can use the mmc snap-in for certificates for
user and go to personal folder - certificates. See if the certificate is
there and it shows on the main page that you have a private key for this
certificate. The thumbprint can be seen in details page at the bottom. Enter
mmc in the run box and hit OK to open the mmc console and then select file -
add/remove snap-in and add the certificates snap-in for user.

Steve
 
wwwmikecom

Steve, thanks for the help. Yes, I did verify that but the problem is,
I export the right keys but when I import them the machine still uses
its own key. I even delete the key off both machines, encrypt on one,
export the key, import on the 2nd machine and then encrypt and still it
uses its own key. What am I doing wrong?
 
Steven L Umbach

When you delete the existing key and log off the computer, log on and import
the .pfx into your "user" certificate store does it still not use the
certificate you imported and create a new one? If you have not done so when
you import the .pfx file into your user store use the mmc snap-in for
certificates to verify that it is shown there along with the private key and
that no other one exists. When you import the .pfx file be sure to NOT
select the option for strong protection of the private key.

Steve
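
Added example, not part of the original thread and not code from either poster: a PowerShell version of the check described in the replies above, listing the user's EFS certificates, confirming the one whose thumbprint matches the file has its private key, and showing which certificate Windows will use for new encryption. It assumes a Windows version with PowerShell available (the thread uses the MMC snap-in on XP); the thumbprint is a constructed placeholder, and the registry location read at the end is where Windows records the user's current EFS certificate hash.

```powershell
# Added example. $FileThumbprint is a constructed placeholder: paste the value
# shown by efsinfo or by the file's Advanced > Details dialog.
$FileThumbprint = 'AA BB CC DD EE FF 00 11 22 33 44 55 66 77 88 99 AA BB CC DD'
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

function Normalize-Thumbprint([string]$Value) {
    # Thumbprints are often copied with spaces or in lowercase
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Test-EfsEku($Cert) {
    # True when the certificate's Enhanced Key Usage extension lists EFS
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $EfsOid) { return $true }
            }
        }
    }
    return $false
}

$wanted   = Normalize-Thumbprint $FileThumbprint
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { Test-EfsEku $_ })

# Every EFS certificate in the user's Personal store, and whether its key is there
$efsCerts | Format-Table Thumbprint, HasPrivateKey, NotAfter, Subject -AutoSize | Out-String

$match = $efsCerts | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $match) {
    "No EFS certificate with thumbprint $wanted in the user store."
} elseif (-not $match.HasPrivateKey) {
    "Certificate found but its private key is missing; re-export as .pfx with the key."
} else {
    "Certificate and private key for the file's thumbprint are both present."
}
if ($efsCerts.Count -gt 1) {
    "More than one EFS certificate exists; new files may use a different one."
}

# Thumbprint Windows has recorded as this user's current key for NEW encryption
$regKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'
$hash = (Get-ItemProperty -Path $regKey -ErrorAction SilentlyContinue).CertificateHash
if ($hash) {
    $current = ($hash | ForEach-Object { $_.ToString('X2') }) -join ''
    "Current EFS key: $current (same as file: $($current -eq $wanted))"
}
```

Run it as the affected user on each machine; the two machines agree only when both report the same thumbprint with `HasPrivateKey` true.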
 
