XP2SP2 File Encryption with Workgroups (no AD)

  • Thread starter Thread starter Bill Cohagan
  • Start date Start date
B

Bill Cohagan

I would like to be able to encrypt a file/folder on one machine and access
it from another machine on the LAN; however this is in a workgroup
environment; i.e., there is no Active Directory and no domain. I'd hoped
that the normal workgroup logon (using same password and Userid) mechanism
would work, but apparently it does not. When I try to access the encrypted
file from another machine (while logged on using the same Userid and
password) I get an "access denied" message.

Is there any way to use file encryption in a workgroup environment?

Thanks in advance,
Bill
 
Bill said:
I would like to be able to encrypt a file/folder on one machine and access
it from another machine on the LAN; however this is in a workgroup
environment; i.e., there is no Active Directory and no domain. I'd hoped
that the normal workgroup logon (using same password and Userid) mechanism
would work, but apparently it does not. When I try to access the encrypted
file from another machine (while logged on using the same Userid and
password) I get an "access denied" message.

Is there any way to use file encryption in a workgroup environment?

Thanks in advance,
Bill
Click to expand...
This links to the Chapter on EFS in the WinXP Resource Kit.
http://tinyurl.com/4ucsp
 
Nomad
Thanks for the pointer; however that appears to be quite a rabbit hole to
go down. I'm willing to dive in if there's hope, but a cursory scan doesn't
seem to rule in (or out) working with workgroups rather than domains. If you
happen to know the answer to the original question I'd appreciate hearing
back. If not then thanks anyway -- and I'll see if I can decode the docs.

Regards,
Bill
 
You cannot share encrypted files between WXP computers in a workgroup. An AD
environment is required and the computer that is the "server" must be trusted
for delegation.

Thanks.
Pat
 
Pat
Thanks for the response. Not the answer I was hoping for, but at least I
don't have to wade through the docs!

Regards,
Bill
 
<snip>
[Quoted from the resource kit]
"Remote EFS operations on files stored on network file shares are
possible in Windows 2000 or later domain environments only."
and
"The computer must be a domain member in a domain that uses Kerberos
authentication because impersonation relies on Kerberos authentication
and delegation."

Sorry if I seemed obtuse simply posting a link earlier, but EFS has so
many "gotchas", it really pays to understand what's going on in the
background, especially where disaster recovery of encrypted files is
concerned.
 
Back
Top