Accessing EFS encrypted storage on a second computer

Storage configured for use by the software may use the NTFS file system. Further, NTFS provides the Encrypting File System (EFS) feature.

When EFS encrypted storage is moved from one computer to another, the software may log an error "********** The current user is not the same as the original user configured for encryption **********" and the storage backups remain unreadable.

To view EFS encrypted storage initiated on a first computer from a second computer, you must import the encryption certificate used on the first computer to the second computer.


First, export the encryption certificate with a DATASTOR command. 

You must run DATASTOR command-line commands as an administrator; otherwise you will receive an error when the command tries to run.

To open a command prompt as an administrator, click the Start button in the bottom left pane, then select All Programs > Accessories from the Start menu. Right click the Command Prompt icon and select 'Run as administrator' from the pop-up menu.

To run DATASTOR commands, you must either add the installation directory to the computer system PATH (a one-time command) or change to the installation directory. Use the CD command to change to the installation directory. The default installation directory for the Professional software is C:\Program Files\DATASTOR\DATASTOR Shield Professional\Client. Because the path contains spaces, it must be enclosed in quotation marks.

The default directory for the Enterprise software is C:\Program Files\dataStor\DATASTOR Shield Enterprise Protection Server\Server.

Type: Aiq objectstore cipher -store <storename> -exportkey

where <storename> is the name given to your storage. If the name has spaces in it, put the store name in quotation marks. E.g. Aiq objectstore cipher -store "My Store" -exportkey

Hit enter. The command creates two encryption certificate keys in the storage Objectstore folder.


Second, import the certificate key on the second computer. 

To do so, you will need to access the storage from the second computer. For example, you may need to move an RDX cartridge and dock used for storage to the second computer. Or, you may need to connect to NAS based storage from the second computer. Because you are importing a user certificate, log on to the second computer with the user account that will be used to run DATASTOR tasks.

The store is hidden by the software so it is not visible through Windows Explorer by default.

To view the Objectstore folder on disk, open Folder Options in the Windows Control Panel. On the View tab, select the option to show hidden files, and then uncheck the box to hide protected operating system files. Click OK.

With the new folder options in place, the Objectstore folder becomes visible through Windows File Explorer or a command prompt. When finished, remember to set the folder options back to the original settings.

Next, open Certificate Manager. Click your Search bar, type certmgr.msc, and hit enter. Navigate to the Personal > Certificates folder. Right click in the white space and select All Tasks > Import...

Or, just double click on the pfx file in the Objectstore folder. Run through the Import wizard. Select to import for current user. Browse to the pfx certificate file when prompted. Leave the password field blank, and accept default checkboxes. Select the radio button to allow the wizard to automatically select the certificate store. Then, click Finish.
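The import step and a follow-up check, scripted in PowerShell as an added example (not DATASTOR's own tooling). The store path is a placeholder, and the script assumes a single .pfx in the Objectstore folder with the encrypted store files beneath that folder.

```powershell
# Added example: run on the second computer, logged on as the user that will run DATASTOR tasks.
$ErrorActionPreference = 'Stop'

# Placeholder path (assumption): replace with the Objectstore folder of your storage.
$ObjectStore = 'E:\<storename>\Objectstore'

# -Force lists hidden and protected system items, so Folder Options can stay unchanged.
$pfx = @(Get-ChildItem -LiteralPath $ObjectStore -Filter *.pfx -File -Force)
if ($pfx.Count -ne 1) {
    throw "Expected one .pfx in $ObjectStore, found $($pfx.Count); pick the file by hand."
}

# Current-user Personal store, blank password (no -Password), as in the wizard steps.
# -Exportable is omitted, so the private key cannot be re-exported from this computer.
$imported = @(Import-PfxCertificate -FilePath $pfx[0].FullName -CertStoreLocation Cert:\CurrentUser\My)

# EFS needs the private key, not just the certificate, so re-read it from the store.
$efsCert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -in $imported.Thumbprint -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $efsCert) {
    throw 'The .pfx was imported, but no certificate with a private key is in the Personal store.'
}
$efsCert | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey

# Find one EFS-encrypted file in the store to test against.
$sample = Get-ChildItem -LiteralPath $ObjectStore -File -Force -Recurse |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted } |
    Select-Object -First 1

if ($sample) {
    # cipher /c lists the certificate thumbprints allowed to decrypt the file;
    # the thumbprint printed above should be among them.
    cipher /c $sample.FullName

    # Opening the file fails with "Access is denied" if this user cannot decrypt it.
    $stream = [IO.File]::OpenRead($sample.FullName)
    $stream.Dispose()
    "Read check passed for $($sample.FullName)"
} else {
    Write-Warning "No EFS-encrypted file found under $ObjectStore."
}
```

The exported .pfx carries the private key with a blank password, so anyone who can read the Objectstore folder can import it; control access to the storage accordingly.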