Encryption Question

  • Thread starter Thread starter Stewart Berman
  • Start date Start date
S

Stewart Berman

I have a Windows XP Pro SP2 workstation that I use for email and accounting. I also have a laptop
that I synchronize to the workstation when I travel and then synchronize the workstation to the
laptop when I get back. I would like to encrypt the data on the laptop but not on the workstation.

I use XCopy to copy data between the workstation and the laptop. (Windows networking -- no domain
controller) I use the /G option (Allows the copying of encrypted files to destination that does not
support encryption.) when copying to the workstation from the laptop. This works fine for files.
But if a directory on the laptop are encrypted XCopy fails saying it cannot create the directory.
So I have had to walk the directory tree and unencrypt each directory while not unencrypting the
files under it. While this allows XCopy to copy undated files to the workstation it means I have to
remember to encrypt any new files on the workstation as they don't get the encrypted attribute from
the parent directory.

Is there anyway around this? Anyway I can keep the entire tree encrypted on the laptop and not on
the workstation and still copy updated files to the workstation?

Stu
 
From: "Stewart Berman" <[email protected]>

| I have a Windows XP Pro SP2 workstation that I use for email and accounting. I also have
| a laptop that I synchronize to the workstation when I travel and then synchronize the
| workstation to the laptop when I get back. I would like to encrypt the data on the laptop
| but not on the workstation.
|
| I use XCopy to copy data between the workstation and the laptop. (Windows networking --
| no domain controller) I use the /G option (Allows the copying of encrypted files to
| destination that does not support encryption.) when copying to the workstation from the
| laptop. This works fine for files. But if a directory on the laptop are encrypted XCopy
| fails saying it cannot create the directory. So I have had to walk the directory tree and
| unencrypt each directory while not unencrypting the files under it. While this allows
| XCopy to copy undated files to the workstation it means I have to remember to encrypt any
| new files on the workstation as they don't get the encrypted attribute from the parent
| directory.
|
| Is there anyway around this? Anyway I can keep the entire tree encrypted on the laptop
| and not on the workstation and still copy updated files to the workstation?
|
| Stu

How about storing the data in strong password protected ZIP files ?

WinZip v9.0 Sr1 supports 256 bit AES encryption.

http://www.winzip.com/
 
Two reasons:
1. XP encryption is transparent to all applications. Once the files are on the laptop everything
works. I don't think that is true for a zipped directory tree.
2. Updating would be a problem in either direction.

Stu
 
From: "Stewart Berman" <[email protected]>

| Two reasons:
| 1. XP encryption is transparent to all applications. Once the files are on the laptop
| everything works. I don't think that is true for a zipped directory tree.
| 2. Updating would be a problem in either direction.

Transparent maybe, problematic -- yes. As you have seen.

Updating would not be a problem. Extract file edit and then move file back into ZIP file.
 
Two reasons:
1. XP encryption is transparent to all applications. Once the
files are on the laptop everything
works. I don't think that is true for a zipped directory
tree.
2. Updating would be a problem in either direction.

Stu


email and accounting. I also have
travel and then synchronize the
laptop. (Windows networking --
have to remember to encrypt any
encrypted attribute from the parent
Click to expand...

Are you able to copy these files using r. click > copy and then paste.
Also, are you running xcopy on the desktop computer? If so this would
explain it. Easyist "work around" would be to exprot the encyption
certificate from your laptop to your workstation. This 5 part guide
should explain every thing you need to know.
http://www.practicalpc.co.uk/computing/windows/xpencrypt1.htm
 
The command line is:
xcopy C:\users\shared U:\Users\shared /c /f /g /d /e /k /h /y /z

The /e switch copies all directories including empty ones.

The problem occurs any of the directories are encrypted on the notebook and they exist on the
workstation. The xcopy command throws an error saying it cannot create the first one and stops. I
am running the command from the notebook. If the directory on the notebook is not encrypted
everything works fine.

Stu
 
Have you considered using window's offline files feature? You can set
the offline cache to be encrypted I do believe...

HTH,

-Roy
 
Have a look at this:

http://cc.jlab.org/docs/services/windows/offline.html

The idea is that you access the files from your laptop (while connected
to the network), and mark them as 'available offline'. Windows then
copies them to an internal cache on the laptop, but makes it look as
though they are still available at their connected location (e.g.,
\\desktop_machine\share\folder\) even when you're not connected.

The actual locations of the cached files on the laptop are sort of
obfuscated (they get nonsense names & are stored under %windir%\csc, if
I recall correctly), but if you're using XP, you can also encrypt them.
See:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/encryptoffline.mspx

for details.

HTH,

-Roy
 
Hi Stu,
I have the same problem. However, min problem came after I pulled a registry
switch that turns off EFS on my Win Server 2003.
If I just copy one file with the xcopy /g switch, no problem. But copying an
entire C:\data to a network drive is not possible. I get the error:
"File creation error - The specified file could not be encrypted"

Anyway, just wanted to let you know that you're not alone with this problem.
I would be tremendously grateful if you could let me know if you find a
solution for this problem. I can be reached at (e-mail address removed)

Kim
 
My best guess would be you are trying to copy a file
with the system attribute set. According to M$, EFS
will not encrypt files with the system bit set (to prevent
you from encrypting files that are needed at startup before
the decryption is available .. see foot, shoot same ;-) )

mikey
 
Hi Mike,
Thanks for trying, but there are no system files involved.
The files and folder only have the A and E attribute set.
I have tried with both robocopy and xcopy, and none of them can do it,
although xcopy should be able to do it with the /g switch on. Anyway, here's
what happens:

C:\>robocopy c:\test v:\test\ /E /B

This produces this error message:

-------------------------------------------------------------------------------
ROBOCOPY :: Robust File Copy for Windows :: Version XP010
-------------------------------------------------------------------------------

Started : Wed Nov 30 15:30:42 2005

Source : c:\test\
Dest : v:\test\

Files : *.*

Options : *.* /S /E /COPY:DAT /B /R:1000000 /W:30

------------------------------------------------------------------------------

3 c:\test\
New Dir 1 c:\test\test folder\
2005/11/30 15:30:42 ERROR 5 (0x00000005) Creating Destination Directory
v:\test\
test folder\
Access is denied.

New File 3.2 m testfile.exe
2005/11/30 15:30:42 ERROR 5 (0x00000005) Creating Destination Directory
v:\test\
test folder\
Access is denied.


------------------------------------------------------------------------------

Total Copied Skipped Mismatch FAILED Extras
Dirs : 2 1 1 0 0 0
Files : 4 0 3 0 1 0
Bytes : 17.42 m 0 14.16 m 0 3.25 m 0
Times : 0:00:00 0:00:00 0:00:00 0:00:00

Ended : Wed Nov 30 15:30:42 2005

I orginally thought my command-line should look like this:
robocopy c:\test v:\test\ /E /PURGE /M
But that doesn't work either.

For xcopy this is what happens:

C:\>xcopy c:\test v:\test\ /m /d /e /r /c /q /g /h /y
File creation error - The specified file could not be encrypted.

Unable to create directory - V:\test
0 File(s) copied

/Kim
 
Hmmm - I sort of remember reading something recently about
a problem creating the top level directory involving EFS (but have
no idea where that was). You might try creating the top level
then going down one level on each side and see if that works.
Other than that , I don't have the answer.

mikey
 
Thanks but the description doesn't mention anything about handling encrypted files.

Stu
 
You are right.
I tested it and it failed.
Barring that problem though I have enjoyed using it.
 
Back
Top