sharing encrypted files

[Dr. Dos]

I will add two XP-Pro SP2 machines that I want to give/share access of
WinXP encrypted files (three machines altogether and sharing on the LAN).
They share a workgroup and the subdirectories are sharable (simple file
sharing) in non-protected storage on the drives (not windows
suppressed/hidden such as "program files" and so forth.
I do not have a domain.
Can you help?
What are the steps?

Thank you.

 

[Doug Knox MS-MVP]

http://www.microsoft.com/windowsxp/using/security/expert/sharefilesefs.mspx
How to Share Files Using Encrypting File System

 

[Steven L Umbach]

In a non domain environment you can share EFS files for multiple users on
the same computer. Do not confuse that with accessing EFS files on a network
share which can not be done. Doug provided you with the link that has the
details.

Steve

 

[User Friendly]

In a non domain environment you can share EFS files for multiple users on
the same computer. Do not confuse that with accessing EFS files on a network
share which can not be done. Doug provided you with the link that has the
details.

Steve

Same guy here, dr. dos/user friendly.
Thanks.
I take Stephen's caveat and Doug's link.
I have not yet made the Win XP machine connections, so this
is preparation. It scares the whiz out of me worrying about
loosing the data that is encrypted. I MUST (by law) hide
this stuff (it resides on traveling notebooks).
You(se) guys are really great to help.
Thanks.

 

[Steven L Umbach]

Dr. Dos

You should be considered about losing access to encrypted data and may want
to consider configuring the computers to also use a Recovery Agent. If
possible it is always a good idea to have clear text backups of encrypted
data that is stored in a safe place. Also beware that as long as the EFS
private key or keys remain on the computer that can decrypt the files there
is a risk of the data being accessed by an attacker. Such risk is mostly
mitigated when domain users encrypt data on a laptop. For non domain users
you can reduce the risk by making sure that the user is forced to use a
complex password and storage of lm hash is disabled. Enforcing a 15
character password or pass phrase would almost surely mitigate the risk.

Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316 --- EFS
best practices.