Sharing EFS encrypted files over network

M

MRD

New Member
Hi:

I'm trying to access a network folder share with my notebook. The share contains EFS encrpyted files and is located on a PC that runs Vista Ultimate. My notebook runs Vista Entreprise. I can see the files and its sizes, but I cannot copy them to my notebook or open them directly from the share without getting an "access denied" error.

I installed the PC's encryption certificate on my notebook (as documented in Vista's help) but keep getting the "access denied" error.

I have no issues with copying or opening files on the network share that are not encrypted. The error message only appears when trying to copy/open encrypted files.

Any ideas?

Thanks,
Marc
 
Last edited:

My Computer

System One

Ask someone with access to the file to add your user account to the list of users who can decrypt the file.
 

My Computer

System One

  • Manufacturer/Model
    Hewlett Packard
    CPU
    3.40Ghz / 2.20Gz Duo Core
    Memory
    2GB / 3GB
    Hard Drives
    160 GB / 160 GB
Thanks for your reply.

My notebook's user account has "full control" permissions for the network folder share (on both network and file system levels) of the PC.
 

My Computer

System One

MRD said:
Thanks for your reply.

My notebook's user account has "full control" permissions for the network folder share (on both network and file system levels) of the PC.
Click to expand...

Yes, it has full control of the file but the file is encrypted. You need to get someone with the authority to decrypt the file to add your username to the list of users who can decrypt the file.

Full control permissions and decryption privileges are different :)

You should contact the system admin, im sure he/she would have the authority to give you access.

You can also right click on the file, click the advanced button and beside the box saying "Encrypt contents to secure data" there is a details button. Clicking on that should tell you the username of someone who can decrypt the file.
 

My Computer

System One

  • Manufacturer/Model
    Hewlett Packard
    CPU
    3.40Ghz / 2.20Gz Duo Core
    Memory
    2GB / 3GB
    Hard Drives
    160 GB / 160 GB
OK. I own both computers so I could add the username to the list of users who can decrypt the file. In fact, this procedure is described in Vista's help.

But what I want to do is share an entire folder with hundreds of encrypted files. And the problem is that the "Details" button (files properties > advanced attributes) grays out if you select more than one file.

Could it be that you are referring to the first section of Vista's help (see below), while I'm talking about the second section (marked in red)?

Share encrypted files

You can share encrypted files with another person, or between two computers.
To share encrypted files with another person (for example, by giving the files to another person on a USB flash drive), you'll need to put the other person's encryption certificate on your computer. This is a two-step process: the person you want to share the file with needs to first export their certificate and give it to you (for example, by sending it to you in e-mail), and then you need to import the certificate to your computer. After you have imported the certificate, you need to add it to the file you want to share.
If you have two computers and you want to be able to work with files that you have encrypted on both computers, you must first export your encryption certificate and encryption key from one computer, and then import it to the other computer.
Share encrypted files with another person

Follow the steps below to share files that you have encrypted with another person.
To export the Encrypting File System (EFS) certificate


  1. The person with whom you want to share files needs to export their EFS certificate and give it to you.
  2. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. In the left pane, double-click Personal, click Certificates, and then click the EFS certificate that you want to export.
  4. Click the Action menu, point to All Tasks, and then click Export.
  5. In the Certificate Export wizard, click Next.
  6. Click No, do not export the private key, and then click Next.
  7. On the Export File Format page, click Next to accept the default format.
  8. The export process creates a file to store the certificate in. Type a name for the file and the location (include the whole path) or click Browse, navigate to a location, type a file name, and then click Save.
  9. Click Next, and then click Finish.
To import the EFS certificate


  1. After you get the EFS certificate from the person you want to share the file with, you need to import the certificate.
  2. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. In the left pane, click the Personal folder.
  4. Click the Action menu, point to All Tasks, and click Import.
  5. In the Certificate Import wizard, click Next.
  6. Type the location of the file that contains the certificate, or click Browse, navigate to the file's location, click Open, and then click Next.
  7. Click Place all certificates in the following store, click Browse, click Trusted People, click OK, and then click Next.
  8. Click Finish.
To add the EFS certificate to the shared file

  1. Right-click the file you want to share, and then click Properties.
  2. Click the General tab, and then click Advanced.
  3. In the Advanced Attributes dialog box, click Details.
  4. In the dialog box that appears, click Add.
  5. Click the certificate, and then click OK in each of the four open dialog boxes.

Share encrypted files between two computers

Follow the steps below if you want to use your encrypted files on two computers. You need to first export the EFS certificate and related key on the computer that contains your encrypted files, and then import them on the computer to which you want to add the files.


To export the EFS certificate and key


  1. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  2. In the left pane, double-click Personal, click Certificates, and then click the EFS certificate that you want to export.
  3. Click the Action menu, point to All Tasks, and then click Export.
  4. In the Certificate Export wizard, click Next.
  5. Click Yes, export the private key, and then click Next.
  6. Click Personal Information Exchange, and then click Next.
  7. Type the password you want to use, confirm it, and then click Next.
  8. The export process creates a file to store the certificate in. Type a name for the file and the location (include the whole path) or click Browse, navigate to a location, type a file name, and then click Save.
  9. Click Next, and then click Finish.
To import the EFS certificate and key


  1. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  2. In the left pane, click Personal.
  3. Click the Action menu, point to All Tasks, and click Import.
  4. In the Certificate Import wizard, click Next.
  5. Type the location of the file that contains the certificate, or click Browse, navigate to the file's location, and then click Next.
    If you navigate to the right location, but don't see the certificate you are importing, then, in the list next to the File name box, click Personal Information Exchange.
  6. Type the password, select the Mark this key as exportable check box, and then click Next.
    Note

    • Do not select the Enable strong private key protection check box.
  7. Click Place all certificates in the following store, choose Personal, and then click Next.
  8. Click Finish.
 

My Computer

System One

You must log in or register to reply here.
Back
Top