Re: Problem with Certificate and Encryption

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 01/06/04


Date: Mon, 5 Jan 2004 18:19:25 -0800

The little USB drive can be formatted NTFS? Interesting. I had only seen
FAT before. Cool!

Steve isn't talking about user names and passwords. He means certificates
and their private keys. This says it's for Server 2003, but it applies
equally to XP:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/encrypt_howto_backup_certificate.asp

Adding users is going to be a little complicated unless the machines are in
a domain (thus can look up users in the AD) and can guarantee that the users
will always use the same certificates.

If you have enough room on your USB devices you might want to consider
redirecting the user's application data - point it at a directory on the
removable device. Then the keys will physically roam with the user. The
downside is that you'd need to have the USB dongle plugged in during the
user's entire session (meaning "log on until log off" when I say "session"
here).

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Pavel" <Atin90@hotmail.com> wrote in message
news:%23fOWLC$0DHA.536@tk2msftngp13.phx.gbl...
> Thanks Steven,
>
> All the machines are XP. I am not using the same user names on the other
> machines, but I did test it a few times using the same name and password
> without any change, it still did not work. The encryption method seems to be
> the same but I think I better check one more time.
>
> -- 
> Pavel
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:MsnKb.68332$I07.312028@attbi_s53...
> > I am more familiar with W2K, but I would check that the private key was
> > exported with the certificate [use mmc certificate snapin] and that you
> > are using the same user logon name and password on the machine you are
> > having a problem with as the machine the files were copied from. Windows
> > 2000 machines may not be able to decrypt files encrypted on XP Pro since
> > by default XP Pro [at least SP1 I believe] uses a stronger encryption
> > method.   --- Steve
> >
> > http://support.microsoft.com/?id=329741
> >
> > "Pavel" <Atin90@hotmail.com> wrote in message
> > news:OZhvKq%230DHA.2324@TK2MSFTNGP09.phx.gbl...
> > >
> > > I have been unable to figure out why one of the PC's that I maintain is
> > > refusing to cooperate. I have a need to transport sensitive data from
> > > one PC to another, not at the same location and there is no access to
> > > internet for some of them. Our solution was to use USB PenDrive
> > > formatted with NTFS and then files placed on it are Encrypted using
> > > Windows native encryption. Access to these files is then given by one
> > > time installation of Certificate of Authenticity that comes from the
> > > originating PC's
> > >
> > >   The problem is that when I create Certificate of Authenticity on one
> > > particular PC and then install this certificate on other PC's, any
> > > Encrypted file that comes from the source where the Certificate was
> > > created, I am unable to open such file. It acts as if no certificate
> > > exists. The only way I am able to read this file is if and when the
> > > file is still at the source, I add the 'Users Who Can Transparently
> > > Access This File' option with the name of the user that will be
> > > permitted to open this file under Encryption Details. This is not
> > > desirable since this option is not available under Encrypted Folder,
> > > which could then set every file in this folder to this state.
> > >
> > > With all other PC's that I work with, the Certificate is sufficient
> > > with the exception of this one.
> > >
> > > I do not know if this will make any sense to whoever may read this.
> > >
> > > -- 
> > > Pavel
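
Added example, not part of the original thread: a way to check on the destination machine whether an imported EFS certificate actually carries its private key, which is the condition Steve and Drew point at above. It assumes a current Windows system with PowerShell 3 or later; the function name `Get-EfsCertificateStatus` and its `-FileThumbprint` parameter are hypothetical.

```powershell
# Added example: list certificates in the current user's Personal store that
# carry the Encrypting File System EKU, and report whether each one has its
# private key on this machine.
function Get-EfsCertificateStatus {
    param(
        # Optional: certificate thumbprints recorded on the encrypted file.
        [string[]]$FileThumbprint = @()
    )

    $efsOid  = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    # Normalise "AB12 CD34 ..." style input to the store's thumbprint format.
    $wanted = @($FileThumbprint | ForEach-Object {
        ($_ -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    })

    foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
        # Collect the EKU OIDs on this certificate (empty if it has no EKU).
        $usages = @($cert.Extensions |
            Where-Object   { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($usages -notcontains $efsOid) { continue }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey   # False: only the public part was imported
            Expires       = $cert.NotAfter
            MatchesFile   = ($wanted -contains $cert.Thumbprint)
        }
    }
}

# Usage (the thumbprint below is a constructed placeholder, not a real value):
# Get-EfsCertificateStatus -FileThumbprint '0000 1111 2222 3333 4444 5555 6666 7777 8888 9999' |
#     Format-Table -AutoSize
```

A row with `MatchesFile` true and `HasPrivateKey` false means the certificate was imported without its private key; no matching row at all means a different certificate was installed than the one the file was encrypted to.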

