Re: EFS Problem

From: Phil Kline (grouper@kline.to)
Date: 03/01/03 

From: "Phil Kline" <grouper@kline.to>
Date: Sat, 1 Mar 2003 05:18:23 -0500

I am watching your situation. I need to learn about EFS as well. I did an
upgrade to Win XP PRO after my WIN 2000 PRO locked up. I had the disc for a
year but reasoned why install WIN 2000 over again as I had the new OS.
Probably a bad time to do a migration but I did.

The machine is free standing. I had encrypted some of my files for security
reasons. The migration went well but somehow I wound up with both OSs on
the machine.

MS helped me through some minor concerns. I asked if the WINNT directory
could be safely deleted and they said yes. After I was satisified with the
migration. I deleted it (duh). Well sure enough when I went to open some of
the encrypted files they wouldn't open.

I didn't even know what EFS was nor did I know to save a key/certificate
elsewhere, etc. So now I have 700 important files I can't access. I was
able to recover the security file of the WINNT directory by running a
recovery program but am not sure what to do next. I thought of copying the
files to a a machine on the WIN 2000 PRO network at work and then trying to
gain control over them by logging on as the Administrator profile but
believe I will probably have to import the whole security folder recovered
form the deleted WINNT directory.

Any thoughts, suggestions?

Thanks,
Phil

Peter K." <pmdatabase@yahoo.ca> wrote in message
news:chko5vs1oqkfsl5j2facv8cu5ne5dn5943@4ax.com...
> I am trying to learn EFS.
>
> I encrypt a file as a user on a workstation. Copy the file to the
> server and log in as Domain Administrator. I have full rights on the
> file, and the owners are domain\administrator and
> domain\administrators. Efsinfo \u says that domain\administrator is
> the recovery agent, but I cannot access the file -i.e., open it or
> remove the encryption.
>
> One thing that was a bit non-standard. This was not the first server
> in the domain. It has already been retired. When I opened a
> Certificates MMC there was no certificates in Personal ->
> Certificates. However, the Domain Security Policy had an account for
> Administrator in the Encrypted Data Folder which I exported, then
> imported into the Certificates MMC. I don't know if that has anything
> to do with the situation or not.
>
> Did I miss something, and where do I go from here? All ideas and
> assistance appreciated.
>
> Peter

Relevant Pages

  • Encryption system on XP Pro for home use
    ... I am running Windows XP Pro. ... I want to be able to encrypt my ... EFS looks ideal, but I can't figure out the decryption process on ...
    (microsoft.public.windowsxp.security_admin)
  • Re: encryption
    ... Assuming you have windows XP Pro, you can encrypt a single or multiple ... This link has some good information about EFS: ...
    (microsoft.public.windowsxp.newusers)
  • RE: Laptop Security - Microsoft EFS
    ... With EFS the keyare unique to the drive. ... EFS to encrypt system files. ... cleartext during a mount attack, but the easiest way for an attacker to gain ... who can also decrypt the respective persons info. ...
    (Security-Basics)
  • RE: EFS rollout using Active Directory
    ... I just have something to add to the Final Thought regarding laptop users: ... You can implement EFS on systems running Windows 2000 and Windows XP ... Stand-alone workstations generate their own public key certificate that you ... encrypt the contents of their files or folders. ...
    (Focus-Microsoft)
  • Re: How can I share encripted files between two user accounts?
    ... Strong protection on keys doesn't work with EFS. ... Find the EFS recovery cert in the Personal store ... We just pick one of them to encrypt a file - there's no guarantee which one ... "George Valkov" wrote in message ...
    (microsoft.public.windows.server.security)