Re: How to Copy EFS(encrypted) Files....

Not sure what solution you are looking for, but for the copy operation to be
sucessful the file must be decrypted first (this is how EFS works and
protects data -- anything else would be sort of security bypass and would
beat the purpose of EFS).
This means that user must have private keys corresponding to the private key
that encrypted the files. Once the files are copied to the other computer
(they are copied over the network _unencrypted_) they are again encrypted on
the end server if the folder where you are copying them has encrypt
attribute set... This could again cause some problems since the files must
be encrypted with same keys as before they were copied or user will fail to
access the content of the files...

Also you mentioned that you have a way to export the keys. Think about
this -- especially how keys are protected in this case? Aren't you lowering
the level of security by doing this?

The only really "good" solution that I see here is backup and restore using
software that knows how to "deal" with EFS encrypted files (e.g. ntbackup).
In this case user doing the backup and restore operation doesn't need to
decrypt the files first and encrypt them once the files are copied. The only
permission that user needs in this case is backup permission. Also -- files
are encrypted even when copied over the network.

--
Mike
Microsoft MVP - Windows Security

"kea" <kea@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ADBDBD5B-3CDA-4960-8A12-96575446E0E1@xxxxxxxxxxxxxxxx
> Hi All,
> In my environment EFS has just been rolled out. I do not have the back
> office specifics, but need to be able to copy data from one machine to
> another in an efficient manner. We have a mechanism to export and import
> cert.
> 1. Drive to drive data is copied and efs maintain. But on laptops this
> means
> taking drives out of machines and we do not want to do that.
> 2. It seems that if you copy the files to a location that is on the
> machines
> bus, or a local drive EFS is maintained.
> 3. We have tried other methods including backup and restore solutions and
> winzip. All are much slower that a direct copy of course.
>
> SO is there any other way to copy EFS file from one user machine to
> another
> and maintain the encrytion over a crossover cable or peer-to-peer copy?
>
> Thanks.


.

Relevant Pages

  • Re: Help Me to prevent crack my admin Password
    ... You can't use EFS to encrypt the current system directory. ... >> remove the floppy drive as well as any other drives such as CD or DVD ... >>> fellows is loging in as my administrator login and he is ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Encription for MDF files
    ... EFS by itself is not a complete solution. ... If the box is stolen - including the EFS recovery keys, ... then encrypt it before it is stored and decrypt it when retrieving. ... > 1) Logon with the SQL Server startup account ...
    (microsoft.public.sqlserver.security)
  • Re: Encrypted vs file permissions etc.
    ... Your files were encrypted with EFS. ... Use an EFS Recovery agent. ... > Inadvertantly clicked Encrypt, ... > unzip them or copy them to the internal hard drives where I can unsip ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Encrypted vs file permissions etc.
    ... Your files were encrypted with EFS. ... Use an EFS Recovery agent. ... > Inadvertantly clicked Encrypt, ... > unzip them or copy them to the internal hard drives where I can unsip ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Need help unencrypting files after computer exploded
    ... so then one day my mother board caught on fire, ... i was able to salvage my hard drives from it. ... there is some kind of magic way i can un-encrypt or retrieve a efs ... gets all the bits from to encrypt the certificate. ...
    (microsoft.public.windowsxp.security_admin)
Quantcast