Re: File Encryption



After you imported the cert and then opened the previously EFS
encrypted file, did you do this in an account that already had an
EFS cert? That is, is it possible the account had two cert/keys
for EFS after you did the import, and then when you closed the
file it was reencrypted with the account's main EFS cert?
You could look at the thumbprint of the file and certs to tell.

"Scott" <Scott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E9A38299-9EF0-4AA0-A671-0AD9E20ECBFE@xxxxxxxxxxxxxxxx
Hello,

I am not able to open a file that I encrypted. Here are the details:

I encrypted a file on a USB drive (NTFS) while logged on as the domain
administrator of a Win2003 domain controller. I exported the
administrator's EFS certificate to the same USB drive. I moved the USB
drive to a WinXP PC, which is logged in as a user of a different domain.
I imported the certificate and was able to open the file successfully.
Perfect! However, this suddenly turned out to be the ONLY user that
could open this file.

I moved the USB drive back to the original domain controller and the
administrator could no longer open the file, no matter what I tried. Nor
could I open the file if I moved the USB drive to a 3rd WinXP PC that is
logged in as a different user (even after importing the EFS certificate).
Why this strange behavior?

I would expect that any user could open the file once I imported the EFS
certificate, but this is not the case.

I noticed the user listed under "Users who can transparently access this
file" changed after I did the certificate import and opened the file on
the WinXP PC. It changed from the domain administrator to the WinXP user
of the different domain. I simply can't get it to change back to the
domain administrator (or any other user).

How do I get the domain administrator (or any other user) to open this
file?

Thanks,
Scott


