Access Windows EFS file from Mac

Posted on 2009-04-23
Last Modified: 2013-11-12
[How] can I access from my MBP a shared file residing on WIndows XP encrypted via EFS?

I mounted the volume on the Mac using the WIndows user name and password, so I'm somehow imagining that gives the same authority as seeing the file on Windows.  And that the decryption will occur on the Windows machine, with the data transmitted to the Mac in the clear.

From the Mac, I can see the file info (which EFS doesn't affect), but trying to open it gives "The operation cannot be completed because you do not have sufficient privileges for some of the items."  (I think things are mounted properly as I can open the file if I go over to Windows and decrypt it first.)

Question by:DCraft99
    LVL 33

    Accepted Solution

    you can't.

    EFS is a microsoft-specific technology, which uses a rare form of encryption (DESX, I think MS invented it themselves) wrappered by otherwise industry-standard X509-based (RSA) encryption (there is an extended flag for EFS usage, but that's literally just a flag, it has no practical effect other than telling windows that the key is an EFS one)

    there is a data recovery tool from that might run in some sort of emulation environment under the mac, but I haven't heard of such usage.

    Author Comment

    I'm pretty sure EFS uses AES encryption by default as of XP SP2 [].

    And, I don't think that's relevant for the approach I'm imagining, where the encryption/decryption is done on the XP side of the share, with the data transmitted in the clear.

    It may still be the case that it can't be done, if XP doesn't support EFS and sharing in the cross-platform way I'm imagining.
    LVL 33

    Expert Comment

    by:Dave Howe
    I am not aware of EFS using anything but DESX by default - certainly, that is still true in the XP SP3 machines I have. That said, you *can* force a different crypto algo to be used, but its not particularly easy to do so.

    EFS files are not sent across a share already decrypted - the receiving system is supposed to decrypt them. However, if you move or copy EFS encrypted files onto a non-ntfs volume (FAT32 or similar) they will be decrypted before they are transferred.

    Truecrypt volumes, when mounted and shared, are shared as unencrypted files - if that helps any.

    Author Comment

    I think you're right that it can't be done.  Obviously not the answer I was hoping for, but then, I don't always get what I hope for :-).

    I'm unfamiliar with DESX but have trouble reconciling your statement that EFS uses it by default with Microsoft's (per above reference) that EFS uses 128-bit AES by default.  No matter.  FWIW, I thought Microsoft did a lot right with EFS (I'm not generally a MS fan).

    I'll give up on sharing between my Mac and legacy Windows in any transparent way, and just share decrypted files.

    (Sorry for the delay in responding.  I just got out of a rabbit hole from a non-bootable system when Partition Magic encountered an error during partition resizing.  Having now read some on Experts Exchange about PM, I'm thinking that's my last use of it.  Yes, I did back up user files first, and it would still have been a pain to rebuild.  A bootable CD with chkdsk eventually worked.)

    Thanks for you help.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    In this article we discuss how to recover the missing Outlook 2011 for Mac data like Emails and Contacts manually.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now