Appendix D: Importing and Exporting EFS Certificates

Published: June 30, 2006 | Updated: November 30, 2006

This appendix provides additional guidance for EFS certificates. It includes the procedures used to export EFS certificates from the source computer and import EFS certificates on the target computer. Windows Vista and Windows XP requirements are listed separately.

On This Page

Windows Vista Windows Vista
Windows XP Windows XP

Windows Vista

When USMT encounters destination computers running Windows Vista, it automatically migrates EFS certificates when the /efs:copyraw option is specified in the Scanstate Command Prompt window. When the store migrates to the destination computer, the certificates automatically migrate with the files.

Note   Certificates can be migrated from Windows XP to Windows Vista and from Windows Vista to Windows Vista. USMT will not automatically migrate EFS certificates to Windows XP systems.

Windows XP

Computers running Windows XP require additional guidance on EFS certificates. To export an EFS certificate from the source computer to a location from which it can be imported, complete the following steps:

  1. Click Start, and then click Run.

  2. In the Run box, type mmc, and then click OK.

  3. Add the Certificates Microsoft Management Console (MMC) snap-in:

    1. On the File menu, click Add/Remove Snap-in.

    2. In Add/Remove Snap-in, click Add.

    3. In Add Standalone Snap-ins, select Certificates from the list, and then click Add.

    4. In Certificates snap-in, select My user account, and then click Finish.

    5. Click Close, and then click OK.

  4. Export the certificate:

    1. In the left pane, expand Certificates - Current User, expand Personal, and then expand Certificates.

    2. Right-click the certificate to be migrated, point to All Tasks, and then click Export.

    3. Use the Export Wizard to store the certificate somewhere accessible from the target computer.

    4. When prompted, click Yes, export the private key, and then supply a password that will be used when the key is imported.

Note The user must be logged on to migrate EFS certificates.

To import the EFS certificate on the target computer

  1. Click Start, and then click Run.

  2. In the Run box, type mmc, and then click OK.

  3. Add the Certificates MMC snap-in:

    1. On the File menu, click Add/Remove Snap-in.

    2. In Add/Remove Snap-in, click Add.

    3. In Add Standalone Snap-ins, select Certificates from the list, and then click Add.

    4. In Certificates snap-in, select My user account, and then click Finish.

    5. Click Close, and then click OK.

  4. Import the certificate:

    1. In the left pane, expand Certificates - Current User, and then expand Personal.

    2. Right-click Personal, point to All Tasks, and then click Import.

    3. Use the Import Wizard to find the exported certificate, which is a Personal Information Exchange file.

    4. Type the password supplied when the certificate was exported.

Additional guidance concerning the migration of EFS certificates exists in USMT.chm, which resides in the default install directory of the USMT. See the section “Using USMT 3.0\How to Migrate EFS certificates.”

Download

Get the Microsoft Solution Accelerator for Business Desktop Deployment 2007

Update Notifications

Sign up to learn about updates and new releases

Feedback

Send us your comments or suggestions