Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 485
  • Last Modified:

How copy encrypted files between 2 XP machines in a workgroup

Hi-
I have multiple computers in a workgroup that use the same xp pro encryption certificate.

How do I copy and/ or access files across the network without having to decrypt the files?
0
SAbboushi
Asked:
SAbboushi
  • 6
  • 4
  • 2
  • +1
2 Solutions
 
SAbboushiAuthor Commented:
Hi Abs_jaipur - thanks for your post.

I did not find anything in your 3 links that tell me how to do what I want to do.

Are there any other thoughts?
0
 
Sam PanwarSr. Server AdministratorCommented:
Hi,

Ok give me some time i will check and update you.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
ingeticCommented:
have you tried robocopy (from windows 2003 ressource kit) with /B switch   ?
0
 
SAbboushiAuthor Commented:
Hi ingetic-
I looked into this a few months ago - robocopy will not copy encrypted files over the wire in a workgroup.  I have read that the Vista version has some functionality that may do this; another user (like me) was trying to get the code to use on XP but seemed not to be making progress... see one of his posts here:

http://www.derkeiler.com/Newsgroups/microsoft.public.platformsdk.security/2006-05/msg00013.html

richrumble-
Thanks for your posts - it has lots of good information, but gives solutions for domains, WebDAV Web folders, and other non-Workgroup environments.  I need a solution for a workgroup network...
0
 
SAbboushiAuthor Commented:
Hi rich-

THanks - The certs are on all machines - the problem is copying / accessing the files across the network.

I appreciate the time you've spent on this - The links you posted have to do with user migration from an old environment to a new environment (which I see as a "one-off" operation); I do not see a way that this will allow me to copy or access files across the workgroup network...

Judging from the posts and my internet research, it seems there may not be a viable solution for me - I believe that XP by design will not copy encrypted files over a workgroup network - I believe it might have to do with the workgroup network protocols(?) that cannot accomodate this and will only allow UNENCRYPTED files to be copied over the wire.  

If there were an automated process that would copy the files across the wire in an unencrypted state, I would settle for that because the target folder is encrypted which would result in the unencrypted file being automatically re-encrypted on the target; this would not solve my ability to directly access the files over the wire, just to copy them - but that would be a big step forward.  However, selecting files to manually unencrypt them to a temporary location on the source machine so that I can then copy those unencrypted files to an (encrypted) folder on the target machine is a real pain...
0
 
Rich RumbleSecurity SamuraiCommented:
From the second link in my last post...
If the destination computer is running Windows Vista, Encrypting File System (EFS) certificates will be migrated automatically. However, by default, USMT fails if an encrypted file is found (unless you specify an /efs option). Therefore, you must specify /efs:copyraw with ScanState to migrate the encrypted files. Then when you run LoadState on the destination computer, the encrypted file and the EFS certificate will be automatically migrated. .
AND
  Important
You should use extreme caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.   <--------

These tools will move the EFS files... you do have to use a username and password that is the same on both pc's in the workgroup, and or use an account that has the proper missions to copy the files on to a PC. I've tested the tools, they work as advertised. Good luck, always make back-up copies.
-rich
0
 
Rich RumbleSecurity SamuraiCommented:
I also recommend TrueCrypt over M$ EFS any day of the week, less headaches, easier to work with/use and more secure to boot.
Truecrypt.com
-rich
0
 
Rich RumbleSecurity SamuraiCommented:
ok...?
-rich
0
 
SAbboushiAuthor Commented:
Hi rich-

Seems we have a disconnect (you and I) - I need a solution for XP, not Vista - and as I said last post, what you quoted from is a migration tool - not something that believe will allow me to access and copy files between pcs in a workgroup.  I don't need to move the files, I need to access them or copy them (keep them synched).

Administrator - did you read the posts since comments were requested for cleanup?  Maybe you can explain the basis for the forced accept?

PS Rich - thanks for the reference to TrueCrypt - my real problem is keeping encrypted files synchronized between machines - do you know if synch programs will work with TrueCrypt?
0
 
Rich RumbleSecurity SamuraiCommented:
The migration tools are for win2k, XP, 2003, and VISTA... please install and have a look, again, I've tested these on XP and they work as advertised.

The line only says " IF using vista..."
>If the destination computer is running Windows Vista, Encrypting File System (EFS) certificates will be migrated automatically
Otherwise, the cert's aren't moved automagicly.

Also, truecrypt data is always stored encrypted, it's never decrypted to disc, unless you copy the data out of the encryption container to a plain-text file yourself. The encrypted data is only unencrypted in memory, as opposed to EFS that creates plain-text verions of the data when it's opened, that data is stored on the disc, and "deleted" from the HD when that data is closed. If your PC loses power, the encrypted truecrypt data is still encrypted, just not loaded in memory anymore, so all you have to do is reopen, the encrypted data will then be placed in memory again.

Read "other issues" second paragraph
http://en.wikipedia.org/wiki/Encrypting_File_System#Recovery

http://en.wikipedia.org/wiki/Truecrypt
You can use any method you wish to move/copy truecrypt files, they do not lock you like M$ does/tries to. BTW, the back-up operators group can use a varity of tools to move efs data encrypted without the need for the key's to be present on the destination, however they do need to be present on the local pc where those files are stored. http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/dataprot/w2kadm21.mspx#EQH This whole article does apply, altough they say "back-up and restore" you can think of it as sync'ing...
-rich
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 6
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now