Amit Rahul [MS]
December 14th 03, 02:09 PM
Jim, You can not create a domain using just home version of XP Pro. You will
need Windows server for that as it needs active directory for creating a
domain. Sharing of EFS protected file is possible between 2 machines if they
are part of the domain and your user account has a romaing profile.
-----
Amit Rahul [MS]
"This posting is provided "AS IS" with no warranties, and confers no
rights."
"Jim Felakos" > wrote in message
...
> Thanks for the reply. So can I set up the network to be a
> domain based as opposed to workgroup network, or is that
> impossible on the home version of WinXP pro? Would I need
> Windows server instead (which I am not going to do for my
> 2 computer home network)? In the end, am I simply forced
> to forego using EFS if I want to share the files? Thanks.
> >-----Original Message-----
> >Hi Jim,
> >While you have the right idea what you are trying to
> accomplish is not
> >exactly possible. On Windows NT style operating systems
> (like Windows XP)
> >each user account on a given system has a unique security
> Identifier called
> >a SID. So even if you make an identical username and
> password pair on 2
> >different systems the SID for the account will not be the
> same. Thus when
> >you import the "certificate" for EFS and attempt to
> access files, you have
> >the correct certificate but the incorrect SID and the
> system denies you
> >access. Domains do not have this problem as the SID comes
> from a domain
> >controller and is valid in the entire network. Standalone
> or workgroup
> >systems can not share or export the SIDs for use on other
> systems.
> >
> >The big reason for being able to export the certificate
> is so that if an
> >account becomes corrupted and the EFS recovery agent
> needs it you can
> >import it onto the same machine and recover the encrypted
> files.
> >
> >--
> >Curtis Koenig
> >Support Professional
> >Microsoft Clustering Technologies Support
> >
> >Microsoft Certified Systems Engineer
> >Microsoft Certified Systems Engineer - Security
> >
> >This posting is provided "AS IS" with no warranties and
> confers no rights.
> >Please reply to the newsgroup so that others may
> benefit. Thanks!
> >--------------------
> >>From: "Jim Felakos" >
> >>Subject: Encryption File System on home network
> >>Date: Thu, 14 Aug 2003 11:31:18 -0700
> >>
> >>I have two computers networked, each with WinXP Pro.
> They
> >>are members the same workgroup (not a server domain).
> On
> >>the laptop, I have encrypted the My Documents folder. I
> >>would like to be able to access this folder from the
> other
> >>computer. The folder is shared, and I can access test
> non-
> >>encrypted files from the directory, but not the
> encrypted
> >>ones. The computers are connecting fine with different
> >>users as I would like (namely my wife accesses the
> laptop
> >>with her user name on the laptop from the desktop).
> >>
> >>I have enabled the files to be accessed by each of our
> >>certificates (properties for the file and then modifying
> >>the details for encryption). I have exported and then
> >>imported her certificate from her user name on the
> laptop
> >>to her account on the desktop. At this point I am
> >>stumped. Any suggestions? Neither the documentation in
> >>help file nor in the knowledge base has been helpful.
> >>Thanks.
> >>
> >
> >.
> >
> ..
>
>
> .
>
>
need Windows server for that as it needs active directory for creating a
domain. Sharing of EFS protected file is possible between 2 machines if they
are part of the domain and your user account has a romaing profile.
-----
Amit Rahul [MS]
"This posting is provided "AS IS" with no warranties, and confers no
rights."
"Jim Felakos" > wrote in message
...
> Thanks for the reply. So can I set up the network to be a
> domain based as opposed to workgroup network, or is that
> impossible on the home version of WinXP pro? Would I need
> Windows server instead (which I am not going to do for my
> 2 computer home network)? In the end, am I simply forced
> to forego using EFS if I want to share the files? Thanks.
> >-----Original Message-----
> >Hi Jim,
> >While you have the right idea what you are trying to
> accomplish is not
> >exactly possible. On Windows NT style operating systems
> (like Windows XP)
> >each user account on a given system has a unique security
> Identifier called
> >a SID. So even if you make an identical username and
> password pair on 2
> >different systems the SID for the account will not be the
> same. Thus when
> >you import the "certificate" for EFS and attempt to
> access files, you have
> >the correct certificate but the incorrect SID and the
> system denies you
> >access. Domains do not have this problem as the SID comes
> from a domain
> >controller and is valid in the entire network. Standalone
> or workgroup
> >systems can not share or export the SIDs for use on other
> systems.
> >
> >The big reason for being able to export the certificate
> is so that if an
> >account becomes corrupted and the EFS recovery agent
> needs it you can
> >import it onto the same machine and recover the encrypted
> files.
> >
> >--
> >Curtis Koenig
> >Support Professional
> >Microsoft Clustering Technologies Support
> >
> >Microsoft Certified Systems Engineer
> >Microsoft Certified Systems Engineer - Security
> >
> >This posting is provided "AS IS" with no warranties and
> confers no rights.
> >Please reply to the newsgroup so that others may
> benefit. Thanks!
> >--------------------
> >>From: "Jim Felakos" >
> >>Subject: Encryption File System on home network
> >>Date: Thu, 14 Aug 2003 11:31:18 -0700
> >>
> >>I have two computers networked, each with WinXP Pro.
> They
> >>are members the same workgroup (not a server domain).
> On
> >>the laptop, I have encrypted the My Documents folder. I
> >>would like to be able to access this folder from the
> other
> >>computer. The folder is shared, and I can access test
> non-
> >>encrypted files from the directory, but not the
> encrypted
> >>ones. The computers are connecting fine with different
> >>users as I would like (namely my wife accesses the
> laptop
> >>with her user name on the laptop from the desktop).
> >>
> >>I have enabled the files to be accessed by each of our
> >>certificates (properties for the file and then modifying
> >>the details for encryption). I have exported and then
> >>imported her certificate from her user name on the
> laptop
> >>to her account on the desktop. At this point I am
> >>stumped. Any suggestions? Neither the documentation in
> >>help file nor in the knowledge base has been helpful.
> >>Thanks.
> >>
> >
> >.
> >
> ..
>
>
> .
>
>