Re: CA deleted - Can't decrypt files

---

• From: Paul Adare <padare@xxxxxxxxxxx>
• Date: Sun, 25 Jun 2006 06:33:13 -0400

---

In article <17025999-8EA6-446D-806D-26ABA2F45817@xxxxxxxxxxxxx>, in the
microsoft.public.win2000.security news group, =?Utf-8?B?RGF2aWQgQWRhbXM=?=
<DavidAdams@xxxxxxxxxxxxxxxxxxxxxxxxx> says...

OK, I've messed up!

I've deleted my domain CA (test environment!) without realising that I did
in fact have some EFS encrypted files using certificates issued from it. I've
kicked myself a number of times now....

efsinfo.exe describes the files as encrypted using one of two certificates.
One of which I have in my certificate store, the other I'm assuming is lost.
Even with the certificate I have, I no longer have the CA that issued it. It
also describes the RA for the files, however, I'm unable to identify the
thumbprint for the RA certificate and so am unable to confirm if I have that
certificate. Again, though, I wont have the issuing CA.

Exporer GUI and cipher.exe are unable to decrypt the files - Access Denied,
unsurprisingly :-(

I know the future is, in this case, not very bright at all but I wondered if
you gurus might have any options before I delete the files.

....and before you say it :-) I know that Certificate Services uninstall
warns about EFS enycrypted files - I just completly forgot that I'd encrypted
them.

You're going to have to look elsewhere for the solution to your inability to access your
encrypted files as uninstalling Certificate Services will have zero impact on your
ability to access those files.

--
Paul Adare - MVP Virtual Machines
http://www.identit.ca
It all began with Adam. He was the first man to tell
a joke--or a lie. How lucky Adam was. He knew when he
said a good thing, nobody had said it before. Adam was
not alone in the Garden of Eden, however, and does not
deserve all the credit; much is due to Eve, the first
woman, and Satan, the first consultant." - Mark Twain
.

---

• Prev by Date: Re: Preventing Users from removing their PC from the Domain
• Next by Date: Re: CA deleted - Can't decrypt files
• Previous by thread: Tracking access to folder
• Next by thread: Re: CA deleted - Can't decrypt files
• Index(es):
  • Date
  • Thread

---

Relevant Pages EFS data recovery - handholding needed ... in taking ownership of files in winxp ... >local admin is supposed to have access to encrypted files ... >with the use of a default certificate. ... >>encrypted folder under my a/c that has admin rights. ... (microsoft.public.windowsxp.security_admin) EFS data recovery - handholding needed ... I have also encrypted files, ... with the use of a default certificate. ... >encrypted folder under my a/c that has admin rights. ... Under the same a/c I've ... (microsoft.public.windowsxp.security_admin) Re: Certificate not shown with efsinfo /y ... that indeed makes efsinfo/y show the certificate. ... > encrypted files on a remote computer once the certificate was shown by ... > So the real problem is that I have encrypted files on computer A. I've ... >> Autoenrollment updating the cert should update the "current" cert, ... (microsoft.public.win2000.security) Re: Encrypted files got me crazy!!!!!!! ... > consider these encrypted files. ... > KB could be your problem if you had uninstalled SP1 on Windows XP - ... (microsoft.public.windowsxp.security_admin) Re: Security update - encrypted files access problem ... If you reset the password for an account using EFS, ... ability to access the encrypted files - you were warned of that when you did it. ... > original certificate and tried to import it. ... (microsoft.public.windowsxp.security_admin)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2006-06