If I encrypt a USB drive using Windows 2008 EFS, will I be able to view the the contents of the drive on another PC (is there a way to provide credentials?)? The Windows 2008 system is using Windows account and not domain accounts.
SnapOverflow
If I encrypt a USB drive using Windows 2008 EFS, will I be able to view the the contents of the drive on another PC (is there a way to provide credentials?)? The Windows 2008 system is using Windows account and not domain accounts.
You must export the EFS private key from the first machine using
certmgr.mscand import it to the second machine. Only then you will be able to decrypt files. (Passwords and anything else do not matter.)But having two EFS private keys on one machine can really confuse both the user and the OS...
A better solution would be to use full-drive encryption (such as TrueCrypt, which is cross-platform) - this will also hide the filenames, unlike EFS.
If you only want to encrypt single files, GnuPG (or the commercial version, PGP) may be useful (though it's more suited for email encryption).
Not unless they have shared keys, this can be setup but is a massive faff, might be best to use PGP or similar instead to be honest.
If I remember correctly (in 2003 PKI), when you set up your CA, you have the option to create a "master" certificate that will allow you (for emergency purposes) to unlock any files encrypted with a certificate assigned by that CA.