Encryption File System on home network

  • Thread starter Thread starter Jim Felakos
  • Start date Start date
J

Jim Felakos

I have two computers networked, each with WinXP Pro. They
are members the same workgroup (not a server domain). On
the laptop, I have encrypted the My Documents folder. I
would like to be able to access this folder from the other
computer. The folder is shared, and I can access test non-
encrypted files from the directory, but not the encrypted
ones. The computers are connecting fine with different
users as I would like (namely my wife accesses the laptop
with her user name on the laptop from the desktop).

I have enabled the files to be accessed by each of our
certificates (properties for the file and then modifying
the details for encryption). I have exported and then
imported her certificate from her user name on the laptop
to her account on the desktop. At this point I am
stumped. Any suggestions? Neither the documentation in
help file nor in the knowledge base has been helpful.
Thanks.
 
Hi Jim,
While you have the right idea what you are trying to accomplish is not
exactly possible. On Windows NT style operating systems (like Windows XP)
each user account on a given system has a unique security Identifier called
a SID. So even if you make an identical username and password pair on 2
different systems the SID for the account will not be the same. Thus when
you import the "certificate" for EFS and attempt to access files, you have
the correct certificate but the incorrect SID and the system denies you
access. Domains do not have this problem as the SID comes from a domain
controller and is valid in the entire network. Standalone or workgroup
systems can not share or export the SIDs for use on other systems.

The big reason for being able to export the certificate is so that if an
account becomes corrupted and the EFS recovery agent needs it you can
import it onto the same machine and recover the encrypted files.

--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support

Microsoft Certified Systems Engineer
Microsoft Certified Systems Engineer - Security

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
--------------------
 
Thanks for the reply. So can I set up the network to be a
domain based as opposed to workgroup network, or is that
impossible on the home version of WinXP pro? Would I need
Windows server instead (which I am not going to do for my
2 computer home network)? In the end, am I simply forced
to forego using EFS if I want to share the files? Thanks.
 
Jim,
Unfortunatly Windows XP home can nod be part of domain, and yes you would
need a Domain Controller for EFS to work the way you want.
--
Curtis Koenig
Support Professional
Microsoft Clustering Technologies Support

Microsoft Certified Systems Engineer
Microsoft Certified Systems Engineer - Security

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Back
Top