Re: Cannot decrypt about 5% of encrypted files

On Mar 29, 10:22 am, "ttr...@xxxxxxxxxxxxxxxxx"
<ttr...@xxxxxxxxxxxxxxxxx> wrote:
Here's my problem. I very recently (three weeks ago) started moving
my user "My Documents" folders to a server using a GPO. This GPO also
set automatic encryption on the folders. Bunches of problems cropped
up, and I'm trying to move the folders back to the local desktops.

However, about 5% of the files (that's a guesstimate) just won't move
back. The copy says the user doesn't have rights to the suspect
files, even though the NTFS permissions say otherwise. Every one of
the suspect files is encrypted (as are the one that aren't causing any
problems). But when I try to decrypt them, it says I don't have
permissions to do that.

It doesn't matter how I log into the server; as the domain admin, the
local admin, or with the user account. I get the same error. The
other 95% of the files, which were copied over at the same time, under
the same user accounts, and (one presumes) the same encryption keys,
decrypt just fine.

I am completely at a loss to understand this behavior. Before I
started moving user data, I tested this all with a small group of
users, and I was able (as the domain admin), to encrypt and decrypt
files at will. Does anyone have any step-by-step procedures I could
try to recover these files. I'm not a noobie, but right this moment
I'd prefer some detailed, hand-holding instructions on this.

I've answered by own question. The documents in question were being
copied to a cluster server that had a file share resource. For
reasons we don't understand, most of the documents were being
encrypted by the "B" server, but a handful were being encrypted by the
"A" server. This makes no sense, because it shouldn't matter which
server in the cluster was active, encryption should have been the same
(looking at the file details, they show the same users and
certificates, regardless of which server was active). The only way to
undo all this is to decrypt as many as possible on one server, then
switch to the other server and decrypt the remaining files
individually. Extremely tedious work.

Obviously, I won't try encrypting files on a cluster server again,
until I know why this happened in the first place.

.

Relevant Pages

  • [NT] Multiple Vulnerabilities in HP Web JetAdmin (Read, Write, Execute, Path Disclosure, Password De
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... HP Web JetAdmin is an enterprise management system for large amounts of HP ... The web server is a modular service ... HP Web JetAdmin uses it's own encryption. ...
    (Securiteam)
  • Re: Advice needed on secure remote datacenter and secure communication
    ... fair bit of time working with windows server, ... as for VPN, ... Addressing your issue with PGP encryption on sensitive files, ...
    (alt.computer.security)
  • Re: About encrypted filesystems
    ... what about key management?? ... a server is just embedded software that is supposed to ... procedure necessary to decrypt all the data is part of the data ... this is under the premises that the encryption algorithm is ...
    (comp.os.linux.security)
  • About encrypted filesystems
    ... The reason I'm puzzled is: ... a server is just embedded software that is supposed to ... procedure necessary to decrypt all the data is part of the data ... this is under the premises that the encryption algorithm is ...
    (comp.os.linux.security)
  • Re: Proposal for Lite Encryption for Login Form without SSL
    ... the form uses javascript to hash the password ... This way the password is not sent to the server ... This would be the equivalent to a public key in public key encryption ...
    (comp.lang.php)