Re: EFS Certificate Needed
- From: "GreenieLeBrun" <GreenieLeBrun@xxxxxxxxxxx>
- Date: Wed, 24 Oct 2007 09:48:55 +1000
HonoredWriter wrote:
Dear Brian and Roger;
The certificates I have were recently installed days after the files
were encrypted. And I think that I am in a no win situation, because I
re-installed Windows after the encryption. I should have deciphered
the files prior to re-installing Windows. The keys have probably been
discarded/changed. Also I changed the name of the User. It was
foolish of me to believe that I could decrypt files after I had
re-installed Windows. The files were not deleted because they are
located on another drive and partition. I was pulling for straws by
assuming I could use another certficate to decipher the files. Me
think I will keep one or two of them on my system to remind me what
not to do (smile). Thanks for all of your good help with the sharing
of your knowledge. It is amazing how much smarter one gets when one
makes a foolish mistake. "If any man thinks he is wise let him become
a fool so he can become wise."
Thanks for your assistance.
One may generate and EFS recovery agent .pfx by use of
the cipher utility with the /r option. See cipher /?
After being installed, that recovery agent will only have
decrypt capabilities on files EFS-touched afterwords.
If you believe you already have a recovery agent set up
and it is unable to decrypt EFS files, then you probably
need to use the efsinfo utility to examine the thumbprint
of the files that may not be decrypted, verify that the
account from which you attempt actually has the recovery
agent private key installed within it, etc.
Why is it that you say
The certificates I have are not worthy to be Recovery Agent?? What is it that you are seeing and how? How are you
certificates even though their intended purposes are clearly
stated.
attempting to use this (these?) ?
"HonoredWriter" <honoredwriter@xxxxxxx> wrote in message
news:29109205-2BD1-4FB3-9465-1F84B2DAD118@xxxxxxxxxxxxxxxx
How do I obtain a Recovery Agent certificate to
recover/restore/decrypt some
previously encripted files? The certificates I have are not worthy
to be Recovery Agent certificates even though their intended
purposes are clearly
stated. ( Shucks, I'm thinking this computer has intuitive
intelligence.) --
HonoredWriter
If you re-installed Windows AFTER the files were encrypted then, I am
afraid, you are out of luck as the SID (security Identifyer) will have
changed (see http://en.wikipedia.org/wiki/Security_Identifier)
You may like to peruse the following links for more information on the EFS
The Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx
Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us
How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201
How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989
How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993
How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877
.
- Follow-Ups:
- Re: EFS Certificate Needed
- From: HonoredWriter
- Re: EFS Certificate Needed
- References:
- Re: EFS Certificate Needed
- From: Roger Abell [MVP]
- Re: EFS Certificate Needed
- From: HonoredWriter
- Re: EFS Certificate Needed
- Prev by Date: Re: EFS Certificate Needed
- Next by Date: Re: How do you prevent workstations in a server 2003 domain from l
- Previous by thread: Re: EFS Certificate Needed
- Next by thread: Re: EFS Certificate Needed
- Index(es):
Relevant Pages
|
