A question about encryption

Name: Positron
Date: January 29, 2004 at 14:01:30 Pacific
OS: Xp home
CPU/Ram: N/R
Comment:

Hi Everybody

I was trying to help somebody else where I felt I needed to know more.
Question:
Using file & folder encryption in Windows 2000 & XP Pro, does it mean that nobody other than the permitted users can access the files? If, say, a permitted user emails an encrypted file to another computer, can he access that file from the second computer later?
Thanks for your ideas

Positron



Response Number 1
Name: michael2
Date: January 29, 2004 at 16:06:13 Pacific
Reply:

I have Win ME & sent an encrypted file via E-mail to a friend. He could not open it unless he used the password that I had set.


0

Response Number 2
Name: hylian_lynk
Date: January 29, 2004 at 19:41:16 Pacific
Reply:

EFS and compression on NTFS volumes shouldn't corrupt the file when transferred to FAT32 ... only NTFS can read EFS and compression, so on FAT it will be decrypted.
The EFS works with private and public keys so it will restrict access to other user accounts.
Just like restriction policies, if you employ encryption on files and folders (using private keys) and then format your PC, you could be seriously screwed up trying to access the file.
Hope that helps something.


0

Response Number 3
Name: Positron
Date: January 30, 2004 at 02:51:30 Pacific
Reply:

Thank you all

But the main question still remains; let me make it more precise: If I encrypt a file on my NTFS volume under XP and email it to another PC also with NTFS volume and XP, can I open the file from the second PC?


0

Response Number 4
Name: hylian_lynk
Date: January 30, 2004 at 05:24:21 Pacific
Reply:

I never tried doing that, but quite obviously you should decrypt it first before mailing. If you are using a private key for encryption, the person opening the file should not be able to, unless you send them the key.
It would be safer and much less headache to just decrypt and email.


0

Response Number 5
Name: Positron
Date: January 30, 2004 at 11:47:01 Pacific
Reply:

I have not worked with either Windows 2000 or XP Pro, which allow encryption, so my knowledge is based on the information I collect. My question now is: in order to open an encrypted file in an EFS volume, what do you have to do? Do you need a password? Or by entering into a certain user account would you automatically have the private key without knowing it?


0

Response Number 6
Name: hylian_lynk
Date: January 30, 2004 at 21:02:21 Pacific
Reply:

OK ... to make it simple, here is info from the XP Pro help files ...

>>To back up EFS keys
To back up default recovery keys to a floppy disk
1. Click Start, click Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Under Add Standalone Snap-in, click Certificates, and then click Add.
4. Click My user account, and then click Finish.
5. Click Close, and then click OK.
6. Double-click Certificates - Current User, double-click Personal, and then double-click Certificates.
7. Click the certificate that displays the words File Recovery in the Intended Purposes column.
8. Right-click the certificate, point to All Tasks, and then click Export.
9. Follow the instructions in the Certificate Export Wizard to export the certificate and associated private key to a .pfx file format.
Notes

This operation must be performed by the recovery agent account that has the recovery certificate and private key in their private store.
Before making any changes to the default recovery policy, be sure to secure the default recovery private key. The default recovery keys in a domain are stored on the first domain controller for the domain. The domain administrator is the default recovery agent.
For more information about using Certificates in MMC, see Related Topics.

>>To recover files with recovery agent
To recover an encrypted file or folder if you are a designated recovery agent
1. Use Backup or another backup tool to restore a user's backup version of the encrypted file or folder to the computer where your file recovery certificate and recovery key are located.
2. Open Windows Explorer.
3. Right-click the file or folder and then click Properties.
4. On the General tab, click Advanced.
5. Clear the Encrypt contents to secure data check box.
6. Make a backup version of the decrypted file or folder and return the backup version to the user.
Notes

To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
You can return the backup version of the decrypted file or folder to the user as an e-mail attachment, on a floppy disk, or on a network share.
You can also physically transport the recovery agent's private key and certificate, import the private key and certificate, decrypt the file or folder, and then delete the imported private key and certificate. This procedure exposes the private key more than the procedure above but does not require any backup or restore operations or file transportation.
If you are the recovery agent, use the Export command from Certificates in Microsoft Management Console (MMC) to export the file recovery certificate and private key to a floppy disk. Keep the floppy disk in a secure location. Then, if the file recovery certificate or private key on your computer is ever damaged or deleted, you can use the Import command from Certificates in MMC to replace the damaged or deleted certificate and private key with the ones you have backed up on the floppy disk.
For more information about using Certificates in MMC, see Related Topics.

>>Recover files without certificate (aka you're screwed without backup)
To recover an encrypted file or folder without the file encryption certificate
1. Open Backup.
2. Use Backup to make a copy of the file in case of loss or damage.
3. Send the original encrypted file to the designated recovery agent.
4. Have the recovery agent use their recovery certificate and private key to decrypt the file.
5. Have the recovery agent send the decrypted file back to you, using any file transfer method that is desired.
Notes

To start Backup, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.
The administrator of the local computer is the default recovery agent, unless you are in an Active Directory domain environment. In an Active Directory domain environment, the administrator that initially logged on to the first domain controller is the default recovery agent.
Sending the file to the designated recovery agent can be done in a number of ways, including backing up the file to tape or floppy disk.
Files backed up using Backup or any other backup tool retain their encryption while in their backup storage location. The original files can be decrypted or modified without affecting the encrypted state of the backup copies.
You can recover an encrypted file or folder yourself if you have kept a backup copy of your file encryption certificate and private key in a .pfx file on a floppy disk. Use the import command from Certificates in Microsoft Management Console (MMC) to import the .pfx file from the floppy disk into the Personal store.
For more information about using Certificates in MMC, see Related Topics.

Given all that, you can see why 3rd party encryption software is a must have if you want proper encryption ...


0
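The MMC export steps quoted in Response 6, scripted for current Windows versions that ship PowerShell's PKI module (not the XP-era systems discussed in the thread). This is an added example, not part of the original posts or the XP help files; the backup path `E:\efs-backup` and the helper name `Get-EfsPurpose` are assumptions made for illustration.

```powershell
# Added example (not from the thread): back up EFS certificates together with
# their private keys from the current user's Personal store to .pfx files.
# Assumption: $BackupDir is a placeholder for removable or offline media.
$BackupDir = 'E:\efs-backup'

# Enhanced Key Usage OIDs that mark EFS user and recovery-agent certificates.
$EfsOids = @{
    '1.3.6.1.4.1.311.10.3.4'   = 'Encrypting File System'
    '1.3.6.1.4.1.311.10.3.4.1' = 'File Recovery'
}

# Hypothetical helper: return the EFS purpose of a certificate, or nothing.
function Get-EfsPurpose($Cert) {
    foreach ($eku in $Cert.EnhancedKeyUsageList) {
        if ($eku.ObjectId -and $EfsOids.ContainsKey($eku.ObjectId)) {
            return $EfsOids[$eku.ObjectId]
        }
    }
}

$password = Read-Host -Prompt 'Password to protect the .pfx files' -AsSecureString
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    $purpose = Get-EfsPurpose $cert
    if (-not $purpose) { continue }

    if (-not $cert.HasPrivateKey) {
        # A certificate without its private key cannot decrypt anything,
        # so exporting it would not help with file recovery.
        Write-Warning "$($cert.Thumbprint) ($purpose): no private key in this profile"
        continue
    }

    $target = Join-Path $BackupDir "$($cert.Thumbprint).pfx"
    try {
        Export-PfxCertificate -Cert $cert -FilePath $target -Password $password -ErrorAction Stop | Out-Null
        Write-Output "Exported $purpose certificate (expires $($cert.NotAfter)) to $target"
    } catch {
        # Typically raised when the key was created as non-exportable.
        Write-Warning "$($cert.Thumbprint) ($purpose): export failed: $($_.Exception.Message)"
    }
}
```

The resulting .pfx files hold the private keys, so they belong on media kept offline, as the quoted help text says of the floppy disk.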
