I synchronise the contents of My Documents on my home computer with my USB stick and am concerned with the security of the contents om stick. I thought encryption would be a solution.I created a test folder with some files which I encrypted. Encryption seemed to work OK since the colour of the file names changed to green. I then synch'ed the contents with my stick, took the stick to a different computer, and unfortunately I could read the "encrypted" files as per normal. The two computers have different login usernames.Should the contents of the stick have been secure? What am I doing wrong please?The cause might be related to the fact that a certificate "snap-in" is not visible in the user account. Should it be? If the problem is caused by the fact there isn't a digital certificate installed, then why didn't XP ask me for the location of the certificate before it proceeded to encrypt?TIA.... Greg1 person needs an answerI do too

Hi Greg, Before you move the Encrypted files to the USB drive, make sure that the USB flash drive is formatted using NTFS format. Also make sure to check the properties after copying the files to USB drive that they don’t loose Encryption that you have set to the files. To verify you may follow the steps below: Right click on the files in USB drive.Click on Properties.Click on Advance tab.Make sure the option ‘Encrypt Contents to secure data” is selected. Check it on the other computer if the files are encrypted. You may also access the link below to know more about working with Encryption.http://support.microsoft.com/kb/223316/ http://support.microsoft.com/kb/308989http://technet.microsoft.com/en-us/library/bb457116.aspx Hope this helps. Let us know the result. Thanks and Regards, Srinivas RMicrosoft Support.Visit ourMicrosoft Answers Feedback Forum and let us know what you think.

Thank you very much Srinivas.I can now transport encrypted files to another computer but now I need to work out (1) which certificate was used to encrypt the source, so that I can copy and (2) store it in the appropriate place on other computers. Also (3), I am the only person who will access these data; do you recommend I set myself up as a Data Recovery Agent in order to give myself the protection of always being able to decrypt my data? TIA .... Greg

Finding the appropriate certificate is covered in KB223316 in the section "How to back up your Certificate". Quoting from that article:------5. Select one certificate at a time until the Certificate Intended Purposes field showsEncrypting File System . This is the certificate that was generated when you encrypted your first folder.------Personally, IMHO, I would recommend that you abandon messing with certificates and try a 3rd party solution such as freeware "Truecrypt". Very mature, very secure, you control the encryption password, and it can even be used on XP Home machines and other Windows machines that don't support EFS. There are no certificates to locate, lose, backup, or install -- you can either use a key file of your choosing or pick a password. I've used it for almost ten years and have not lost any data yet despite several computer failures -- not often the case for EFS.Truecrypt: < http://www.truecrypt.org >HTH, JW

Thank you JW. I understand if all I wanted to do was encrypt a backup then Truecrypt is a good way to go.But what I want is to encrypt a synchronised copy of My Documents. Thus the copy I make on my USB stick is not a compressed backup, but a synchronised copy that is encrypted. i don't care if the source folder on my computer is encrypted or not, I will go with whatever will work.If I use Windows to encrypt the source, and then Smartsync Pro to synchronise a copy onto my stick, then the destination turns out unencrypted. The destination is NTFS, but I assume that Windows decrypts the content as Smartsync copies it out.Smartsync has encryption capability, but only on its backups. I want encryption with the convenience of synchronisation: is there a solution?TIA ... Greg

I am not familiar with Smartsync Pro, but I believe that Truecrypt may still be a good solution. Truecrypt works by creating a container file which may be a file or perhaps an entire partition. It can be located on your hard drive, external USB drive/thumbdrive, or even a file on a networked server. Double-clicking on this "container file/partition" (or otherwise mounting it) will cause it to mount as a virtual external drive with its own drive letter (after providing the correct password or authentication of course). After that, this newly mounted drive appears, for all intents and purposes, like any other totally unencrypted attached drive except data is actually encrypted as it is written and decrypted as it is read from this virtual drive (OTFE: On-the-Fly-Encryption). Files can be added, deleted, viewed, and written in any order and at any time and maintains their normal Windows directory structure and time stamps,etc. When the virtual drive is dismounted, all data remains safely encrypted in its container file/partition. It seems to me it will work quite well for your purpose. Give it a try. It's free.-- JW

To add a bit to Wunders' observation that it's possible to lose data when using EFS, if you do decide to use EFS, make sure that you read and follow the Best Practices for the Encrypting File System . If you do not have backup certificates or a specified recovery agent, sooner or later you WILL lose data.If the key pair is lost or damaged and you have not designated a recovery agent, then there is no way to recover the data.

I will give this a try JW. If I understand you correctly, the concept is that Truecrypt would work underneath the synchronisation program; that once I set up a partition on an external USB and ask Smartsync to synchronise it with a corresponding set of folders on the PC, that Truecrypt will encrypt/decrypt as required in a way that is not apparent to Smartsync. Is that right? ... Greg

I will give this a try JW. If I understand you correctly, the concept is that Truecrypt would work underneath the synchronisation program; that once I set up a partition on an external USB and ask Smartsync to synchronise it with a corresponding set of folders on the PC, that Truecrypt will encrypt/decrypt as required in a way that is not apparent to Smartsync. Is that right? ... GregExactly.-- JW

Well I'm impressed with Truecrypt and initially everything looked like it was going to work with Smartsync. I created what Smartsync calls a profile which specified and successfully copied the folder and contents to the encrypted destination folder on my NTFS USB stick. Looking good.However, it seems Smartsync cannot maintain its log of file changes necessary to perform synchronisation. After changing the profile from "copy source to destination" to "synchronise source and destination", changing or adding a file in either place, and running the synchronisation program, the changes are not reflected in the other place. Smartsync delivers a message however to say the operation was completed successfully.If I delete all the files in the destination and use "copy source to destination" again, Smartsync re-writes the original set of source files, not the source files as they were changed or added. Again I receive a message to say all worked OK.So bottom line is results are mixed. I get security on the data on my stick, but I lose the convenience of two-way synchronisation of its contents. :(regards ... Greg

Is it possible that Smartsync requires both source and destination filesystems to be NTFS? Even though your USB stick is formatted NTFS, when you create your Truecrypt volume, there is a "Volume Format" step in the creation process where you specify the format of the encrypted volume (immediately after you enter the password). The default is FAT and if you don't pay attention and just click on "Next", you may have created a FAT Truecrypt volume/partition file system instead of a NTFS-formatted encrypted volume. After you mount the Truecrypt partition, go to "My Computer", find the volume that you just mounted, right-click on it, and select "Properties". The resulting display will tell you whether the file system is FAT or NTFS. You shouldn't lose anything by using a Truecrypt volume over, say, an unencrypted USB drive.HTH, JW

Thanks for your help JW. Yes, Smartsync requires both source and destination to be NTFS and they were. I found out that Smartsync can be optioned to use Windows' own copy program instead of its own which means that windows encryption can be maintained in the synchronisation process so I am satisfied now with the solution I have in place.Having said that, I am surprised that when I use my stick with a computer that does not have the necessary certificate, the folder structrure and file names can be seen. The files themselves can't be opened because they are encrypted, nevertheless 'a thief' still can learn alot about me from the names of the files. I ticked the box with words to the effect "encrypt this folder and its subfolders and its contents" when I performed the encryption. I thought this would have the effect that even the file names in a folder would be secure. Have I done something incorrectly?TIA ... Greg

Greg,You have done everything correctly. From the KB Article:" How to encrypt a folder in Windows XP" < http://support.microsoft.com/kb/308989 >Appears the following text:-----Quote---------------If you want to encrypt the existing folder contents along with the folder, clickApply changes to this folder, subfolders and files , and then clickOK . The folder becomes an encrypted folder. New files that you create in this folder are automatically encrypted. Note that this does not prevent others from viewing the contents of the folder. This prevents others from opening items in the encrypted folder.-----End-Quote---------------... which is another reason that I personally prefer Truecrypt over EFS.Regards, JW