Re: Cannot Decrypt Files
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/01/05
- Previous message: Robert: "Cannot Decrypt Files"
- In reply to: Robert: "Cannot Decrypt Files"
- Next in thread: Robert: "Re: Cannot Decrypt Files"
- Reply: Robert: "Re: Cannot Decrypt Files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Apr 2005 21:52:28 -0500
When you view your certificate in the mmc snapin for certificates for "user"
and look at the general page it needs to show "you have a private key that
corresponds to this certificate". If not you will not be able to access the
EFS files with that certificate. Possibly at one time you exported the
certificate and private key to a password protected .pfx file AND in the
process checked the option to delete the private key?? If that is so, import
the .pfx certificate/private key back into that computer to access the EFS
files. Windows 2000 also requires a Recovery Agent for EFS which is the
built in administrator account for a non domain computer which probably is
what was referenced to as "unknown user". So try logging on as the built in
administrator account to see if that works or importing the domain's RA
certificate/private key from a .pfx file for it. Efsinfo /r shows RA
information. In a domain the RA can typically be the built in administrator
account for the domain and the best place too look for that certificate
would be on the first domain controller in the domain which may be the pdc
fsmo. You can not request a certificate with the same private key if the
private key does not exist with the certificate which is why you get that
message. FYI the EFS certificate/private key live in the users profile. So
if you have a backup of the users profile for that installation of the
operating system you may be able to restore a copy of the profile and thus
the private key assuming the backup contained the private key. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
"Robert" <Robert@discussions.microsoft.com> wrote in message
news:FF62B5A2-3172-47AD-B31B-261B26646219@microsoft.com...
> Hi,
>
> I am looged in to a standalone W2K machine as the user who encrypted the
> files. Efsinfo and MMC Certificates have indicated that my certificate
> thumbprints are the same. Efsinfo however states that the user is unknown
> even though CN=<myuser>..not sure if that matters. An intersting side
> note
> is that when I attempt to request a certificate with the same key from my
> personal efs certificate I receive an error message stating that the
> selected
> certificate has no private key. Any help would be appreciated.
>
> TIA,
> Robert
- Previous message: Robert: "Cannot Decrypt Files"
- In reply to: Robert: "Cannot Decrypt Files"
- Next in thread: Robert: "Re: Cannot Decrypt Files"
- Reply: Robert: "Re: Cannot Decrypt Files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
