Re: EFS Disabling
From: *Vanguard* (no-email_at_no-spam.invalid)
Date: 02/22/04
- Next message: *Vanguard*: "Re: EFS Disabling"
- Previous message: Bucky: "BN Server"
- In reply to: scott: "EFS Disabling"
- Next in thread: *Vanguard*: "Re: EFS Disabling"
- Reply: *Vanguard*: "Re: EFS Disabling"
Date: Sat, 21 Feb 2004 23:52:47 -0600
"scott" said in news:13aef01c3f8e0$e6725080$a101280a@phx.gbl:
> I had to reinstall XP on a computer and so I copied my EFS
> files onto a disk and then put them back on. Only problem
> is I can't access them now. I can't turn off the
> encryption on them, and I can't use the cipher command on
> them either.
>
> I am the admin on the computer (since it's my computer)
> but I don't know how to use the recovery agent or
> understand anything about EFS.
>
> Anyone know how to remove EFS from files if you are the
> admin on the computer?
Each time you create a user account, a new SID (security identifier) gets
assigned to it. It is unlikely that the same SID is defined under different
instances of Windows NT/2000/XP. Besides the SID, I also suspect some
crypto key is assigned to that newly created account: there is a
"%userprofile%\Application Data\Microsoft\Crypto\RSA\S-1-5-..." subdirectory
in your profile directory. You encrypted your files under "JoeDoe" under
one instance of Windows with whatever SID and crypto key got assigned to it
under that instance of Windows. Now you're trying to access those same
files under a *different* but same-named "JoeDoe" account under a different
instance of Windows. They have the same account names but the two "JoeDoe"
accounts are different and unique from each other.
You must have exported your EFS security certificate (onto a floppy or other
removable media) so you could then import it under your new account (whether
it uses the same name or not). Under Windows 2000, the "Administrator"
named admin account was designated as a recovery agent so you could use that
account to remove the EFS and then let the user read the files (who could
then apply EFS for new encryption under that "new" same-named account). I
think the SID for "Administrator" is the same for all installs of Windows
2000/XP (i.e., there is a standard SID for "Administrator"). However, I
don't know if that means you can move EFS-protected files from one instance
of Windows 2000/XP and recover them using "Administrator" under a different
instance of Windows 2000/XP. That would seem a huge security breach, and
why I suspect there is also some additional crypto key assigned uniquely to
each account, even to the Administrator account, which would not be the same
for standard accounts, like Administrator, that get assigned a standard SID
value. Under Windows XP, *no* recovery agent is assigned when you use EFS.
You have to designate a recovery agent.
Unless you exported the EFS security certificate for your account or for a
recovery agent account, if one was assigned, you won't be able to read those
files ever again. I've heard ramblings from some users claiming that if you
included your profile in your backups, there are subdirectories under
your profile path that would let you access your old EFS-protected files
(i.e., you use your old profile against your old EFS-protected files). I
don't know how that would work. Just having the old profile around or using
it to overwrite your new profile won't update the registry to match the SID
and/or crypto keys that were used before but, hey, who knows.
Besides the scenario you have discovered (in which you really need to have
exported the EFS security certificate to later access those EFS-protected
files under a different instance of Windows 2000/XP), they may also become
inaccessible if you reset your password.
EFS, Credentials, and Private Keys from Certificates Are Unavailable After a
Password Is Reset
http://support.microsoft.com/?kbid=290260
Since this KB article mentions the requirement of having the original
profile directory, maybe that's what the other posters were talking about
when discussing how to recover from not being able to access EFS-protected
files. You would have your old RSA crypto keys under your old profile but
you would also need to know the account's password in use at the time you
could last successfully access the EFS-protected files.
However, this article probably won't help you since you now have a totally
new instance of Windows XP. Or do you? Did you do a fresh install (i.e.,
delete and/or format the partition), or did you do a repair install (i.e.,
install atop an existing install of Windows XP)? If you did a repair
install then maybe the old profile still exists. In that case, you might be
able to specify the same old password (last used when you could access the
EFS-protected files) and slide the old profile in place of your current and
new profile. There is another link inside that KB article that discusses
how to recover EFS-protected files.
I've got a feeling that unless you exported your EFS security certificate
before wiping out your old Windows install, those files are now just
garbage content.
--
*** Post replies to newsgroup. E-mail is not accepted. ***
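The point of the reply above is that EFS files are bound to the certificate and private key living in the user's profile, not to the account name. As an added PowerShell example (not code from the post or from Microsoft; it assumes `cipher /c`, available from Vista onward, and its "Certificate thumbprint:" output lines), this check lists which thumbprints can decrypt each encrypted file under a path and whether the current profile actually holds a matching private key, so the key can be backed up before a reinstall rather than discovered missing afterwards.

```powershell
# Added example, not from the original post. Checks which certificate thumbprints
# can decrypt each EFS file and whether the current profile holds a matching
# private key. Assumes "cipher /c" (Vista and later) prints
# "Certificate thumbprint: XXXX XXXX ..." lines under "Users who can decrypt:".
$EfsEku = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage OID

function Get-LocalEfsThumbprints {
    # EFS certificates in the user's personal store that still have their private
    # key; a certificate without the key cannot decrypt anything.
    foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
        $isEfs = $cert.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $EfsEku }
        if ($cert.HasPrivateKey -and $isEfs) { $cert.Thumbprint.ToUpperInvariant() }
    }
}

function Get-EfsFileThumbprints {
    param([Parameter(Mandatory)][string]$File)
    # Thumbprints live in the file's $EFS metadata; cipher /c shows them even
    # when the current user cannot decrypt the file.
    foreach ($line in (cipher /c $File 2>$null)) {
        if ($line -match 'Certificate thumbprint:\s*(.+)$') {
            ($Matches[1] -replace '\s', '').ToUpperInvariant()
        }
    }
}

function Test-EfsKeyAvailability {
    param([Parameter(Mandatory)][string]$Path)
    $local = @(Get-LocalEfsThumbprints)
    Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0 } |
        ForEach-Object {
            $needed = @(Get-EfsFileThumbprints -File $_.FullName)
            [pscustomobject]@{
                File       = $_.FullName
                Decryptors = ($needed -join ',')
                # True only if one of the authorized thumbprints has a private key here
                KeyPresent = [bool]($needed | Where-Object { $local -contains $_ })
            }
        }
}

# Before a reinstall: anything with KeyPresent = False is already unrecoverable
# from this profile; back up the usable key to a .pfx and move it off the machine.
Test-EfsKeyAvailability -Path "$env:USERPROFILE\Documents" | Format-Table -AutoSize
cipher /x "$env:USERPROFILE\Desktop\efs-key-backup"   # XP SP2 and later; prompts for a password
```

Files that report no matching key were encrypted under another profile's certificate (the same-named-account trap described above) and can only be recovered with that exported .pfx or a designated recovery agent's key.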