Solved

How copy encrypted files between 2 XP machines in a workgroup

Posted on 2006-06-26
15
478 Views
Last Modified: 2013-12-04
Hi-
I have multiple computers in a workgroup that use the same xp pro encryption certificate.

How do I copy and/ or access files across the network without having to decrypt the files?
0
Comment
Question by:SAbboushi
  • 6
  • 4
  • 2
  • +1
15 Comments
 
LVL 18

Expert Comment

by:Sam Panwar
ID: 16989180
0
 

Author Comment

by:SAbboushi
ID: 16989404
Hi Abs_jaipur - thanks for your post.

I did not find anything in your 3 links that tell me how to do what I want to do.

Are there any other thoughts?
0
 
LVL 18

Expert Comment

by:Sam Panwar
ID: 16989568
Hi,

Ok give me some time i will check and update you.
0
 
LVL 7

Accepted Solution

by:
ingetic earned 250 total points
ID: 16989960
have you tried robocopy (from windows 2003 ressource kit) with /B switch   ?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 16992304
0
 

Author Comment

by:SAbboushi
ID: 17396211
Hi ingetic-
I looked into this a few months ago - robocopy will not copy encrypted files over the wire in a workgroup.  I have read that the Vista version has some functionality that may do this; another user (like me) was trying to get the code to use on XP but seemed not to be making progress... see one of his posts here:

http://www.derkeiler.com/Newsgroups/microsoft.public.platformsdk.security/2006-05/msg00013.html

richrumble-
Thanks for your posts - it has lots of good information, but gives solutions for domains, WebDAV Web folders, and other non-Workgroup environments.  I need a solution for a workgroup network...
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17397763
0
 

Author Comment

by:SAbboushi
ID: 17398003
Hi rich-

THanks - The certs are on all machines - the problem is copying / accessing the files across the network.

I appreciate the time you've spent on this - The links you posted have to do with user migration from an old environment to a new environment (which I see as a "one-off" operation); I do not see a way that this will allow me to copy or access files across the workgroup network...

Judging from the posts and my internet research, it seems there may not be a viable solution for me - I believe that XP by design will not copy encrypted files over a workgroup network - I believe it might have to do with the workgroup network protocols(?) that cannot accomodate this and will only allow UNENCRYPTED files to be copied over the wire.  

If there were an automated process that would copy the files across the wire in an unencrypted state, I would settle for that because the target folder is encrypted which would result in the unencrypted file being automatically re-encrypted on the target; this would not solve my ability to directly access the files over the wire, just to copy them - but that would be a big step forward.  However, selecting files to manually unencrypt them to a temporary location on the source machine so that I can then copy those unencrypted files to an (encrypted) folder on the target machine is a real pain...
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17398954
From the second link in my last post...
If the destination computer is running Windows Vista, Encrypting File System (EFS) certificates will be migrated automatically. However, by default, USMT fails if an encrypted file is found (unless you specify an /efs option). Therefore, you must specify /efs:copyraw with ScanState to migrate the encrypted files. Then when you run LoadState on the destination computer, the encrypted file and the EFS certificate will be automatically migrated. .
AND
  Important
You should use extreme caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.   <--------

These tools will move the EFS files... you do have to use a username and password that is the same on both pc's in the workgroup, and or use an account that has the proper missions to copy the files on to a PC. I've tested the tools, they work as advertised. Good luck, always make back-up copies.
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17398963
I also recommend TrueCrypt over M$ EFS any day of the week, less headaches, easier to work with/use and more secure to boot.
Truecrypt.com
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17400546
ok...?
-rich
0
 

Author Comment

by:SAbboushi
ID: 17401498
Hi rich-

Seems we have a disconnect (you and I) - I need a solution for XP, not Vista - and as I said last post, what you quoted from is a migration tool - not something that believe will allow me to access and copy files between pcs in a workgroup.  I don't need to move the files, I need to access them or copy them (keep them synched).

Administrator - did you read the posts since comments were requested for cleanup?  Maybe you can explain the basis for the forced accept?

PS Rich - thanks for the reference to TrueCrypt - my real problem is keeping encrypted files synchronized between machines - do you know if synch programs will work with TrueCrypt?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17404179
The migration tools are for win2k, XP, 2003, and VISTA... please install and have a look, again, I've tested these on XP and they work as advertised.

The line only says " IF using vista..."
>If the destination computer is running Windows Vista, Encrypting File System (EFS) certificates will be migrated automatically
Otherwise, the cert's aren't moved automagicly.

Also, truecrypt data is always stored encrypted, it's never decrypted to disc, unless you copy the data out of the encryption container to a plain-text file yourself. The encrypted data is only unencrypted in memory, as opposed to EFS that creates plain-text verions of the data when it's opened, that data is stored on the disc, and "deleted" from the HD when that data is closed. If your PC loses power, the encrypted truecrypt data is still encrypted, just not loaded in memory anymore, so all you have to do is reopen, the encrypted data will then be placed in memory again.

Read "other issues" second paragraph
http://en.wikipedia.org/wiki/Encrypting_File_System#Recovery

http://en.wikipedia.org/wiki/Truecrypt
You can use any method you wish to move/copy truecrypt files, they do not lock you like M$ does/tries to. BTW, the back-up operators group can use a varity of tools to move efs data encrypted without the need for the key's to be present on the destination, however they do need to be present on the local pc where those files are stored. http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/dataprot/w2kadm21.mspx#EQH This whole article does apply, altough they say "back-up and restore" you can think of it as sync'ing...
-rich
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now