Re: Hey Jupiter! Re: XP Pro - Export Encryption Key

From: Jimshu1 (NoWay@att.net)
Date: 03/22/03

• Next message: Dave: "cookies"
• Previous message: J.Alvarez: "LSASS.EXE error"
• In reply to: Roger Abell [MVP]: "Re: Hey Jupiter! Re: XP Pro - Export Encryption Key"
• Next in thread: Roger Abell [MVP]: "Re: Hey Jupiter! Re: XP Pro - Export Encryption Key"
• Reply: Roger Abell [MVP]: "Re: Hey Jupiter! Re: XP Pro - Export Encryption Key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Jimshu1" <NoWay@att.net>
Date: Fri, 21 Mar 2003 22:06:06 -0500

without?

"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:eZlT3KB8CHA.2196@TK2MSFTNGP12.phx.gbl...
within

--
Roger Abell
MS MVP (Security, Windows), MCDBA,  MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"Jimshu1" <NoWay@att.net> wrote in message
news:OD078L87CHA.2296@TK2MSFTNGP10.phx.gbl...
> Well, I got to practice exporting AND IMPORTING my personal key.  Thought
I
> was going to have to use a week old Ghost image!
>
> I exported fine, but per the ref. document, I chose to "Delete the private
> key if the export is successful" option that the doc said was a best
> practice.  When I started up my system the next time, none of my encrypted
> files were accessible.  About had a stroke!
>
;-)
> I then imported the key I just had exported.  I can again access my files.
>
> A couple of questions:
>
> 1.  Is choosing "Delete the private key if the export is successful"
option
> what I did wrong?
Depends on what you want.  If the key is not held then of course
no decryption can happen.  This is a best practice to configure the
recovery agent this way.  For a day to day account doing this makes
EFS quite useless, or at least totally one-sided.
> 2. Am I OK now and do I still have just the one personal key?
It is best to have it stored very safely, likey in two separate
physical locations, and to keep no copy on the machine.
> 3. Does my changing the computer name, user name (as long as it's still an
> administration account), or system password change the original encryption
> key I just exported and then re-imported?  I know that the password I used
> for the export has to stay with that key.
You are right about the pfx password being fixed at export time.
Changing the names should not matter.  In fact, the key can be
imported into an entirely different account, on a different machine.
That is why the exported pfx must be kept safe.
Changing the password of an account must be done correctly in
order to maintain access to imported keys.  Never reset a password
administratively.  Alway change it as can be done by any account
in the User Accounts control panel.  Also, maintain a password
recovery diskette that is up-to-date.
> 4. If no to question 3, is the key I have good forever as long as I do not
> do a re-install of WinXP?
I believe there is a far in the future expiration - beyond the likelihood
of your finding hardware that can run XP.
>
> Thanks for your time and sorry for so many questions!
>
No problem - it all is a bit involved, but then it is industrial strength.
Define a recovery agent, as an account that is not normally used,
but only import its key to test it or when using it is needed.
> "Jimshu1" <NoWay@att.net> wrote in message
> news:OX0c#w77CHA.2196@TK2MSFTNGP12.phx.gbl...
> > Excellent document!  Figured it out in about 10-15 minutes.  Thank you!
> >
> >
> > "Jupiter Jones" <jones_jupiter@hotnomail.com> wrote in message
> > news:#B5g9l17CHA.2156@TK2MSFTNGP12.phx.gbl...
> > > You should read and understand this document before using Encrypting
> > > File System to keep from joining the ranks of those that have
> > > permanently lost all encrypted data.
> > > It will answer your question and much more:
> > >
> >
>
http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/defa
> > ult.asp
> >
> >
>
>

---

• Next message: Dave: "cookies"
• Previous message: J.Alvarez: "LSASS.EXE error"
• In reply to: Roger Abell [MVP]: "Re: Hey Jupiter! Re: XP Pro - Export Encryption Key"
• Next in thread: Roger Abell [MVP]: "Re: Hey Jupiter! Re: XP Pro - Export Encryption Key"
• Reply: Roger Abell [MVP]: "Re: Hey Jupiter! Re: XP Pro - Export Encryption Key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Hey Jupiter! Re: XP Pro - Export Encryption Key ... I got to practice exporting AND IMPORTING my personal key. ... For a day to day account doing this makes ... (microsoft.public.windowsxp.security_admin) Re: Hey Jupiter! Re: XP Pro - Export Encryption Key ... > Roger Abell ... I got to practice exporting AND IMPORTING my personal key. ... For a day to day account doing this makes ... (microsoft.public.windowsxp.security_admin) Re: Hey Jupiter! Re: XP Pro - Export Encryption Key ... > Associate Expert - Windows XP ExpertZone ... I got to practice exporting AND IMPORTING my personal key. ... For a day to day account doing this makes ... (microsoft.public.windowsxp.security_admin) Re: Outlook 2k3: exporting contacts ... Importing and exporting just provides two opportunities for data loss or ... > By "account," I meant Windows logon profile. ... > move only the Contacts and not my e-mail to her Windows logon profile. ... (microsoft.public.outlook.contacts) Re: Error Message Outlook Express ... mail account, then try sending a message before you import any data from ... then the import was importing some bad ... How to Create and Use Identities in Outlook Express ... Empty Deleted Items folder daily. ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)