Re: EFS Certificate Needed

Dear Brian and Roger;
The certificates I have were recently installed days after the files were
encrypted. And I think that I am in a no win situation, because I
re-installed Windows after the encryption. I should have deciphered the files
prior to re-installing Windows. The keys have probably been
discarded/changed. Also I changed the name of the User. It was foolish of me
to believe that I could decrypt files after I had re-installed Windows. The
files were not deleted because they are located on another drive and
partition. I was pulling for straws by assuming I could use another
certficate to decipher the files. Me think I will keep one or two of them on
my system to remind me what not to do (smile). Thanks for all of your good
help with the sharing of your knowledge. It is amazing how much smarter one
gets when one makes a foolish mistake. "If any man thinks he is wise let him
become a fool so he can become wise."
Thanks for your assistance.
--
HonoredWriter


"Roger Abell [MVP]" wrote:

One may generate and EFS recovery agent .pfx by use of
the cipher utility with the /r option. See cipher /?
After being installed, that recovery agent will only have
decrypt capabilities on files EFS-touched afterwords.

If you believe you already have a recovery agent set up
and it is unable to decrypt EFS files, then you probably
need to use the efsinfo utility to examine the thumbprint
of the files that may not be decrypted, verify that the
account from which you attempt actually has the recovery
agent private key installed within it, etc.

Why is it that you say
The certificates I have are not worthy to be Recovery Agent
certificates even though their intended purposes are clearly
stated.
?? What is it that you are seeing and how? How are you
attempting to use this (these?) ?


"HonoredWriter" <honoredwriter@xxxxxxx> wrote in message
news:29109205-2BD1-4FB3-9465-1F84B2DAD118@xxxxxxxxxxxxxxxx
How do I obtain a Recovery Agent certificate to recover/restore/decrypt
some
previously encripted files? The certificates I have are not worthy to be
Recovery Agent certificates even though their intended purposes are
clearly
stated. ( Shucks, I'm thinking this computer has intuitive intelligence.)
--
HonoredWriter



.

Relevant Pages

  • Re: Cannot decrypt files
    ... Do you have permission-wise access to the files? ... Open the Certificates MMC snapin and look for any certs with those ... If you don't have any of the "Users" certificates, ... > NTFS file system that contains 2 files I cannot decrypt. ...
    (microsoft.public.win2000.file_system)
  • Re: EFS (Encrypting File System) - Unable to define Recovery Agent
    ... > I have recently just installed Win XP Pro. ... > setting up a recovery agent and/or to export the existing default recovery ... > I attempted to use certificates snap in to create a recovery ... to create the DRA cert and key - best done while logged in as ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Certificate Templates - Should I delete any?
    ... > We are planning to deploy EFS. ... Delete alle other Templates from this folder. ... > automatically begin to issue certificates to workstations & domain ... Enroll the "recovery agent" and later deltete this template from policy ...
    (microsoft.public.win2000.security)
  • Re: EFS Recovery Agents
    ... implemented on this computer contains one or more EFS recovery agent certificates that have expired. ... Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates. ... How To Encrypt a Folder in Windows XP ... How To Remove File Encryption in Windows XP ...
    (microsoft.public.windowsxp.general)
  • Re: using EFS & WebDAV with multiple users
    ... I installed Office 2003 and with none of the programmes it ... everything worked just absolutely fine (encryption and ... >> certificates, ... >> they are able to access and decrypt the encrypted file ...
    (microsoft.public.win2000.security)