The little USB drive can be formatted NTFS? Interesting. I had only seen
FAT before. Cool!
Steve isn't talking about user names and passwords. He means certificates
and their private keys. This says it's for Server 2003, but it applies
equally to XP:
http://www.microsoft.com/technet/pr...standard/encrypt_howto_backup_certificate.asp
Adding users is going to be a little complicated unless the machines are in
a domain (thus can look up users in the AD) and can guarantee that the users
will always use the same certificates.
If you have enough room on your USB devices you might want to consider
redirecting the user's application data - point it at a directory on the
removable device. Then the keys will physically roam with the user. The
downside is that you'd need to have the USB dongle plugged in during the
user's entire session (meaning "log on until log off" when I say "session"
here).
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Pavel said:
Thanks Steven,
All the machines are XP. I am not using the same user names on the other
machines, but I did test it few times using the same name and password with
out and change, it still did not work. The encryption method seem to be same
but I think I better check one more time.
--
Pavel
Steven L Umbach said:
I am more familiar with W2K, but I would check that the private key
was
exported with
the certificate [use mmc certificate snapin] and that you are using
the
same user
logon name and password on the machine you are having a problem with
as
the machine
the files were copied from. Windows 2000 machines may not be able to decrypt files
encrypted on XP Pro since by default XP Pro [at least SP1 I believe]
uses
a stronger
encryption method. --- Steve
http://support.microsoft.com/?id=329741
I have been unable to figure out why one of the PC's that I maintain is
refusing to cooperate. I have a need to transport sensitive data
from
one PC
to another, not at the same location and there is no access to
internet
for
some of them. Our solution was to use USB PenDrive formatted with
NTFS
and
then files placed on it are Encrypted using Windows native encryption.
Access to these files is then given by one time installation of Certificate
of Authenticity that comes from the originating PC's
The problem is that when I create Certificate of Authenticity on one
particular PC and then install this certificate on other PC's, any Encrypted
file that comes from the source where the Certificate was created, I am
unable to open such file. It acts as if no certificate exists. The
only
way
I am able to read this file is if and when the file is still at the source,
I add the 'Users Who Can Transparently Access This File' option with
the
name of the user that will be permitted to open this file under Encryption
Details. This is not desirable since this option is not available under
Encrypted Folder, which could then set every file in this folder to this
state.
With all other PC's that I work with, the Certificate is sufficient
with
the
exception of this one.
I do not know if this will make any sense to whom may reads this.
