How can I transfer a certificate from an account to another on Windows

The easiest way to do what you want is probably to make use of the Encrypted File Sharing option present for EFS-encrypted files.

You can enable EFS file sharing in an encrypted file's advanced properties, which you can access from the Advanced button on the General tab of a file's properties. Before you can share an encrypted file, the file must obviously be encrypted. If a file is encrypted, you will notice that the Details button in the file's Advanced properties is available. Pressing this button brings up the "Encryption Details for…" dialog box. (By the way, in Windows Vista this dialog box is titled "User Access to".) From this dialog box you can share an encrypted file with other users. The sharing of an EFS encrypted file is not an explicit privilege of the user account that encrypted the file and shared it with another user. For example, Jan may have encrypted the file and decided to share it with Katrien. Katrien in her turn may then have decided to share it with Wim. The only condition is that the user that you want to give access to an encrypted file has a valid EFS certificate that's stored either in the local certificate store on your PC or in Active Directory (if your machine is joined to an AD domain).

Alternately, yes, it is possible to "share" a user's EFS certificate with another user - by copying it between the users' personal certificate stores.

From the Select User dialog box, you can access the EFS user certificates that are stored in the Other People and Trusted People certificate containers of your personal certificate store. Trusted People is a new XP and Windows 2003 certificate container. It contains the EFS certificates of all users that have ever encrypted a file from a particular machine. If your machine is a member of a Windows AD domain, you'll notice that the Find User… button is enabled. Pressing this button lets you access the EFS user certificates that are published in AD. Note that the EFS "Select User" dialog box will display only the valid EFS certificates. This means that the certificate must have the "Encrypting File System" purpose enabled in its properties, and also that the certificate must be valid and should not have expired. If you want to share encrypted files with people whose EFS certificate is not available in one of the above repositories, you can always import it manually into AD or your certificate store.
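
The same procedure in script form, as an added example that is not part of the original answer: it finds the current user's valid EFS certificate (creating one with `cipher /k` when the account has never encrypted anything, which is the service-account case from the question), exports the public half to a .cer, grants access on the encrypted file with `cipher /adduser /certfile:` (the command-line equivalent of the Details dialog), and checks the result with `cipher /c`. The PFX export at the end is the answer's second option, copying the whole key pair. It assumes Windows 8 / Server 2012 or later for the PKI module cmdlets; the paths, function names and account roles are illustrative, not from the page.

```powershell
# Added example, not code from the original answer. Assumes Windows 8 / Server 2012 or later
# (the PKI module's Export-Certificate / Export-PfxCertificate cmdlets) plus cipher.exe,
# which ships with Windows. File paths are placeholders for the illustration.

$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

function Test-EfsEku {
    # True if the certificate carries the EFS purpose in its Enhanced Key Usage extension.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $EfsEkuOid) { return $true }
            }
        }
    }
    return $false
}

function Get-EfsCertificate {
    # The current user's usable EFS certificate: EFS purpose, private key present, inside
    # its validity period. These are the same conditions the "Select User" dialog applies.
    $now = Get-Date
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and (Test-EfsEku $_) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

function Export-EfsPublicCertificate {
    # Run as the user who needs access (e.g. the service account, via a scheduled task if it
    # cannot log on interactively). Writes a .cer containing only the public key, which the
    # file owner then uses with cipher /adduser. Returns the thumbprint for verification.
    param([Parameter(Mandatory)][string]$Path)
    $cert = Get-EfsCertificate
    if (-not $cert) {
        # An account that has never encrypted anything has no EFS certificate yet;
        # cipher /k creates a new EFS certificate and key for the current user.
        & cipher.exe /k | Out-Null
        $cert = Get-EfsCertificate
        if (-not $cert) { throw 'cipher /k did not produce a usable EFS certificate' }
    }
    Export-Certificate -Cert $cert -FilePath $Path -Type CERT | Out-Null
    return $cert.Thumbprint
}

function Grant-EfsAccess {
    # Run as a user who can already decrypt the file. Equivalent to Properties > Advanced >
    # Details > Add in the GUI: adds the .cer holder to the file's list of authorised users.
    # No private key changes hands, which is why this is preferable to copying a PFX around.
    param([Parameter(Mandatory)][string]$FilePath,
          [Parameter(Mandatory)][string]$CertFile)
    & cipher.exe /adduser "/certfile:$CertFile" $FilePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "cipher /adduser failed with exit code $LASTEXITCODE" }
}

function Test-EfsAccess {
    # Check that a thumbprint appears in cipher /c's "Users who can decrypt" listing.
    # cipher prints thumbprints in space-separated groups, so strip whitespace first.
    param([Parameter(Mandatory)][string]$FilePath,
          [Parameter(Mandatory)][string]$Thumbprint)
    $listing = (& cipher.exe /c $FilePath) -join ' '
    return (($listing -replace '\s', '') -match [regex]::Escape($Thumbprint))
}

function Export-EfsPrivateKey {
    # The answer's second option: move the whole key pair. The PFX is the decryption key
    # itself, so protect the password, import it as the target user
    # (Import-PfxCertificate -FilePath ... -CertStoreLocation Cert:\CurrentUser\My) and delete it.
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][securestring]$Password)
    $cert = Get-EfsCertificate
    if (-not $cert) { throw 'no EFS certificate to export' }
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password | Out-Null
}

# Walk-through for the question's scenario (placeholder names):
#   1. As the service account (scheduled task; needs the "Log on as a batch job" right):
#        $tp = Export-EfsPublicCertificate -Path 'C:\transfer\svc-efs.cer'
#   2. As the installing account, which encrypted C:\tool\config.xml:
#        Grant-EfsAccess -FilePath 'C:\tool\config.xml' -CertFile 'C:\transfer\svc-efs.cer'
#        Test-EfsAccess  -FilePath 'C:\tool\config.xml' -Thumbprint $tp
```

Before step 2, compare the thumbprint returned in step 1 with the one shown in the .cer's properties: `cipher /adduser` grants access to whoever holds the private key of the certificate you pass, so a swapped file means a swapped reader. If access later has to be revoked, `cipher /removeuser /certhash:<thumbprint>` on the same file undoes the grant.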

Teocali

Software engineer in Belgium

Updated on September 18, 2022

Comments

  • Teocali
    Teocali almost 2 years

    Long story short, I have some configuration files for a tool containing sensitive information and the client wants them encrypted. I want to use EFS for this, but there is a problem: the account doing the installation (and so the encryption) cannot be the same one running the tool (the whys are not important at this point), so here is my question:

    Is there a way to transfer a certificate used for decryption from one user to another on the same computer on Windows Server 2012?

    Thanks in advance

  • Teocali
    Teocali almost 10 years
    Your first solution would be the best. The problem is that the running account is a service account: no login allowed. Is there a way to create an EFS certificate for another account? Eventually I can ask another question. :)
  • HopelessN00b
    HopelessN00b almost 10 years
    @Teocali Well, precisely how you solve that depends a great deal on how your EFS is configured - if it's done well, you should be able to simply import the certificate from AD and/or the backups you really should be doing of those certificates. IF those aren't options, the thing that jumps out to me as the next best approach is that allowing interactive logins for an account can be toggled on and back off again fairly easily.... or you could create a task to run as the service account and export its EFS certificate to a flat file somewhere.
  • HopelessN00b
    HopelessN00b almost 10 years
    @Teocali As requested. :)