?
Solved

EFS Problem

Posted on 2007-10-09
5
Medium Priority
?
640 Views
Last Modified: 2011-10-03
Hi,

I have a standalone Windoes XP Pro laptop that is running SP2

I have enabled EFS on this PC on one of the folders.
I can see the certificate that is assigned for the user and i can open the file after it has been encrypted.

I have then exported the certificate without any problems.

If i delete the certificate from within the Certificates snapin and then reboot the laptop, i cannot get into the file, as access is denied......again this is what i would expect.

I then import the saved Cert back in and i can then open the file no problems....

alll good so far......

My question is the following.

If i remove the certificate and then try to import back in i put the password in as i did before, except i tick the box that say

ENABLE STRONG PRIVATE KEY PROTECTION. YOU WILL BE PROMPTED EVERY TIME THE PRIVATE KEY IS USED BY AN APPLICATION IF YOU ENABLE THIS OPTION.

I do this and a box comes up with IMPORTING A NEW PRIVATE EXCHANGE KEY

I set the security level to high, i then put another password in (i have tried the same and different passwords to the one i orginally exported the certificate with...
It says import is successful.

However instead of the encypted file then opening i get a access is denied...

i would expect it to prompt me for a password as i would imagine the key is accessed at this point?

Any ideas why this is not working???

Hope this makes sense.

Thanks
0
Comment
Question by:laytonblackham
4 Comments
 
LVL 9

Expert Comment

by:gtkfreak
ID: 20091066
Have you exported the Private Key when you exported your certificate? Did you export to a PFX file?
0
 

Author Comment

by:laytonblackham
ID: 20107822
Hi,

Yes it was exported and was exported to a PFX file.
0
 
LVL 4

Accepted Solution

by:
poseidoncanuck earned 2000 total points
ID: 20198432
Strong Key Protection is not compatible with EFS - it's not possible for Windows to be able to access the user's private key when it's been protected with the additional password.  EFS needs access to the private key in the LOCALSYSTEM context, but the strong key protection password can only be supplied in the user's context.

There's an extensive discussion of this issue here:
http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_22103346.html
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20363067
Forced accept.

Computer101
EE Admin
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses
Course of the Month13 days, 12 hours left to enroll

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question