I have done it with XP to XP. It was very cumbersome to set up and I was
afraid that sooner or later data would be lost. I decided I didn't really
need encryption. With Vista you have the added problem of making sure the
certificate gets into the right store. When importing the certificate you
have run certmgr.msc using Run as administrator and make sure the
certificate gets into the right physical location.
Make sure you are logged in as the user who will need to decrypt the files.
They will need to be in the local administrators group at this point.
In Start Search type "certmgr.msc"
Right click on it at the top of the list and pick Run as administrator.
From the View menu pick Options
Put a Check beside Physical certificate stores.
I'm guessing which store to put it in. This next part could be wrong.
Expand Personal => Registry => Certificates
Right click on Certificates and pick Import.
Browse to the certificate and import it.
That user should now be able to decrypt the files. If that doesn't work then
I've got the store location wrong.
You should be able to remove the user from the local administrators group
now if you want to. The reason they need to be there when importing is so
certmgr.msc runs in the right context. If they are a standard user and you
pick Run as administrator the cert will get imported into the user profile
that you specify at the UAC prompt. Let me know if this works as I haven't
Microsoft MVP - Shell/User
"Jake" <Jaker00at@Yahoo.com> wrote in message
> Thanks Kerry for the response. I was afraid that would be the answer.
> I'm not opposed to using a 3rd party solution but I know of none.
> What I can't understand is why this doesn't work as it's documented.
> Why can't I open or decrypt these files EVEN AFTER importing the key
> that was used to encrypt them? I've followed instructions step-by-step
> from Microsoft and other sources with the same results. The
> documentation states it can be done and I would like to know how. At the
> very least the Recovery Agent should be able to do this.. But it can't.
> I'm not illiterate with regard to IT Adminstration, Active Directory,
> etc. I manage IT infrastructures for 3 small businesses and have 10
> years experience with supporting corporate IT environments so as you can
> imagine this is particuarly frustrating for me to not be able to get to
> work. The documentation says it can be done and yet I've not seen a
> single example of how to restore encrypted files to an alternate PC, Is
> it even possible?
> What's missing from my test? Can you enlighten me a bit more so I can
> learn this stuff and why it isn't working, instead of just saying that
> it's not suitable for me?
> Can you list 2-3 3rd party products that I can research?
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in
>> EFS works but it is not really designed to do what you want. It can be
>> made to do this but as you have found out it is better suited to a
>> domain environment. I recommend you look for a 3rd party application
>> to do what you want.