J
Jim Felakos
Thanks for the reply. So can I set up the network to be a
domain based as opposed to workgroup network, or is that
impossible on the home version of WinXP pro? Would I need
Windows server instead (which I am not going to do for my
2 computer home network)? In the end, am I simply forced
to forego using EFS if I want to share the files? Thanks.
-----Original Message-----
Hi Jim,
While you have the right idea what you are trying to
accomplish is not exactly possible. On Windows NT style
operating systems (like Windows XP) each user account on a
given system has a unique security Identifier called a
SID. So even if you make an identical username and
password pair on 2 different systems the SID for the
account will not be the same. Thus when you import
the "certificate" for EFS and attempt to access files, you
have the correct certificate but the incorrect SID and the
system denies you access. Domains do not have this problem
as the SID comes from a domain controller and is valid in
the entire network. Standalone or workgroup systems can
not share or export the SIDs for use on other systems.
The big reason for being able to export the certificate is
so that if an account becomes corrupted and the EFS
recovery agent needs it you can import it onto the same
machine and recover the encrypted files.
--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support
Microsoft Certified Systems Engineer
Microsoft Certified Systems Engineer - Security
This posting is provided "AS IS" with no warranties and
confers no rights.
Please reply to the newsgroup so that others may benefit.
Thanks!
--------------------
From: "Jim Felakos" <[email protected]
Subject: Encryption File System on home network
Date: Thu, 14 Aug 2003 11:31:18 -0700
I have two computers networked, each with WinXP Pro. They
are members the same workgroup (not a server domain). On
the laptop, I have encrypted the My Documents folder. I
would like to be able to access this folder from the other
computer. The folder is shared, and I can access test non-
encrypted files from the directory, but not the encrypted
ones. The computers are connecting fine with different
users as I would like (namely my wife accesses the laptop
with her user name on the laptop from the desktop).
I have enabled the files to be accessed by each of our
certificates (properties for the file and then modifying
the details for encryption). I have exported and then
imported her certificate from her user name on the laptop
to her account on the desktop. At this point I am
stumped. Any suggestions? Neither the documentation in
help file nor in the knowledge base has been helpful.
Thanks.
domain based as opposed to workgroup network, or is that
impossible on the home version of WinXP pro? Would I need
Windows server instead (which I am not going to do for my
2 computer home network)? In the end, am I simply forced
to forego using EFS if I want to share the files? Thanks.
-----Original Message-----
Hi Jim,
While you have the right idea what you are trying to
accomplish is not exactly possible. On Windows NT style
operating systems (like Windows XP) each user account on a
given system has a unique security Identifier called a
SID. So even if you make an identical username and
password pair on 2 different systems the SID for the
account will not be the same. Thus when you import
the "certificate" for EFS and attempt to access files, you
have the correct certificate but the incorrect SID and the
system denies you access. Domains do not have this problem
as the SID comes from a domain controller and is valid in
the entire network. Standalone or workgroup systems can
not share or export the SIDs for use on other systems.
The big reason for being able to export the certificate is
so that if an account becomes corrupted and the EFS
recovery agent needs it you can import it onto the same
machine and recover the encrypted files.
--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support
Microsoft Certified Systems Engineer
Microsoft Certified Systems Engineer - Security
This posting is provided "AS IS" with no warranties and
confers no rights.
Please reply to the newsgroup so that others may benefit.
Thanks!
--------------------
From: "Jim Felakos" <[email protected]
Subject: Encryption File System on home network
Date: Thu, 14 Aug 2003 11:31:18 -0700
I have two computers networked, each with WinXP Pro. They
are members the same workgroup (not a server domain). On
the laptop, I have encrypted the My Documents folder. I
would like to be able to access this folder from the other
computer. The folder is shared, and I can access test non-
encrypted files from the directory, but not the encrypted
ones. The computers are connecting fine with different
users as I would like (namely my wife accesses the laptop
with her user name on the laptop from the desktop).
I have enabled the files to be accessed by each of our
certificates (properties for the file and then modifying
the details for encryption). I have exported and then
imported her certificate from her user name on the laptop
to her account on the desktop. At this point I am
stumped. Any suggestions? Neither the documentation in
help file nor in the knowledge base has been helpful.
Thanks.