File and Folder Encryption Usage

[Nicolas Macarez]

Hi you all,
I wish to use the built-in encryption features (EFS) of Windows XP
Professionnal.

My wish is to encrypt some data on an external hard drive on a machine A,
and then remove the hard drive, plug it in on another machine B
(ruuningWindows XP Professional as well) - and be able to access my files
and folders again (either on machine B or on machine A).

My machine A is pertaining to a Windows Server 2003 domain (I can install
ant software on the domain controller, such as Certficate services, if
needed). I don't know if it helps...
My machine B is fully stand alone (no domain).

Two questions :
1. Is this possible or do I need to use a third party product (which one for
example)?
2. If yes, where can I find the right procedure?

Help appreciated!
Nicolas

 

[Kerry Brown]

Yes it is possible to do what you want. You need to export the EFS
certificate used to encrypt the file then import it on the stand alone
computer. This sounds easy but it is not. Here is a link explaining all
about EFS and how to use it. Make sure you understand it thoroughly before
implementing EFS.

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

If something goes wrong you will lose access to all the encrypted files with
no hope of recovering them. Before encrypting your actual data test the
procedures with sample data so you know it works.

 

[Rock]

Hi you all,
I wish to use the built-in encryption features (EFS) of Windows XP
Professionnal.

My wish is to encrypt some data on an external hard drive on a machine A,
and then remove the hard drive, plug it in on another machine B
(ruuningWindows XP Professional as well) - and be able to access my files
and folders again (either on machine B or on machine A).

My machine A is pertaining to a Windows Server 2003 domain (I can install
ant software on the domain controller, such as Certficate services, if
needed). I don't know if it helps...
My machine B is fully stand alone (no domain).

Two questions :
1. Is this possible or do I need to use a third party product (which one
for
example)?
2. If yes, where can I find the right procedure?

EFS has many pitfalls - it has earned the dubious name of "delayed recycle
bin". If something goes wrong you won't be able to recover the files so be
careful. Here are some links about how to setup and use EFS. Make sure you
read through them carefully. I would keep backup copies of the files in an
unencrypted form.

Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991

Best practices for the Encrypting File System
http://support.microsoft.com/?id=223316

How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/?id=241201

How to add an EFS recovery agent in Windows XP Professional
http://support.microsoft.com/?id=887414

 

[Nicolas Macarez]

Thanks to you both for the advice - and the warnings!
A week ago, I printed the tech paper you both advise me to read (that is :
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx) -
and read half of it.
I was expecting something simpler... Anyway, I'll be back to this
document...
Regards
Nicolas

 

[Kerry Brown]

You're welcome.

EFS works very well. For a lot of people it works too well They don't
take precautions and lose data. It sounds like you are going about it the
right way.

 

[John Wunderlich]

Two questions :
1. Is this possible or do I need to use a third party product
(which one for example)?
2. If yes, where can I find the right procedure?

You have been given some good advice for implementation of EFS.

If you'd like to try a 3rd party solution which is a bit simpler,
consider the freeware TrueCrypt. There are no certificates to mess
with, just a passphrase or passfile.
<http://www.truecrypt.org>

HTH,
John

 

[Nicolas Macarez]

Thanks to you all for the advice on EFS - and the warnings! - and the third
party product.
A week ago, I printed the tech paper you both advise me to read (that is :
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx) -
and read half of it.
That's true that I was expecting something simpler...
Regards
Nicolas

 

[Nicolas Macarez]

Thanks to you all for the advice on EFS - and the warnings! - and the third
party product.
A week ago, I printed the tech paper you both advise me to read (that is :
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx) -
and read half of it.
That's true that I was expecting something simpler...
Regards
Nicolas

 

[Rock]

Thanks to you all for the advice on EFS - and the warnings! - and the
third
party product.
A week ago, I printed the tech paper you both advise me to read (that is :
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx)
-
and read half of it.
That's true that I was expecting something simpler...

<snip>

You're welcome Nicholas.