Re: Serious EFS Issue

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/06/04


Date: Wed, 6 Oct 2004 01:08:17 -0700

OK, now I may be missing something here, but you did say
that the problem started after you reghosted the machine,
and the machine is an XP Pro.
You did not say, but let's assume that this domain account
does not use a roaming profile.
So, have you tried setting the account's password back to
what it was at the time when the ghost image was taken?
Now, this may be complicated if attempts at use of EFS
have subsequently triggered creation of a second certificate
for use with EFS (use the account to look in the Certificates
mmc at its private certs).
Access to EFS secured data in XP is dependent on the account
password matching what it was when the EFS key was last
secured away. When you ghosted back down an old image,
if the profile is locally stored, then you overwrote the EFS
key store with an old version, which may have corresponded
to a prior password of the account.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Dave Leonardi" <daveleonardi@yahoo.com> wrote in message
news:%23LgCfTuqEHA.556@tk2msftngp13.phx.gbl...
> Good Morning,
>
>     I had a question regarding Encrypted File System. I have a particular
> scenario where I encrypted an end user's My Documents folder (Redirected
> Folder). What has happened is that her machine was since then imaged
> (ghosted). Now she is unable to retrieve her documents which are showing to
> be encrypted with no recovery agent. Her encryption details show her as
> being a user that can access the files, but she cannot access it nor anyone
> else. She receives denied because of user access privileges. I as the Domain
> admin cannot even access or unencrypt the files. We are running a native
> W3K Server environment with group policies and 2000/ XP Pro workstations.
> The individual's My Document files I'm having issues with is running XP Pro
> SP1. I'd appreciate it if anyone can possibly lend a solution to this dilemma.
> Thank you for your time.
>
>
>
>
> Regards,
>
>
>
> David Leonardi
>
>
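
The reasoning in Roger Abell's reply, as an added Python sketch that is not part of the original thread: a simplified model of a key store secured under the account password, showing why a restored image stops opening files and why setting the old password back can help. It is not the actual Windows implementation; the passwords, function names and the toy key wrapping are constructed for illustration.

```python
import hashlib
import hmac
import os

def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the account password (model assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _stream(kek: bytes) -> bytes:
    # Toy 32-byte keystream; stands in for a real key-wrapping cipher.
    return hashlib.sha256(kek + b"wrap").digest()

def protect_key(efs_key: bytes, password: str) -> dict:
    """Secure a 32-byte EFS private key away under the current password."""
    salt = os.urandom(16)
    kek = _kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(efs_key, _stream(kek)))
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unprotect_key(store: dict, password: str):
    """Return the EFS key, or None if the password does not match the store."""
    kek = _kek(password, store["salt"])
    tag = hmac.new(kek, store["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, store["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(store["wrapped"], _stream(kek)))

def reghost_scenario() -> dict:
    efs_key = os.urandom(32)                     # key the files were encrypted to
    image = protect_key(efs_key, "Spring2004!")  # store as captured in the ghost image
    live = protect_key(efs_key, "Autumn2004!")   # re-secured after a password change
    results = {"before_reghost": unprotect_key(live, "Autumn2004!") == efs_key}
    live = dict(image)                           # reghost: old store overwrites the profile
    results["after_reghost"] = unprotect_key(live, "Autumn2004!") == efs_key
    results["password_set_back"] = unprotect_key(live, "Spring2004!") == efs_key
    # Complication from the reply: a second EFS key created later is a different
    # key and does not open the older files, whatever the password.
    second = protect_key(os.urandom(32), "Autumn2004!")
    results["second_cert_opens_old_files"] = (
        unprotect_key(second, "Autumn2004!") == efs_key)
    return results

if __name__ == "__main__":
    for step, ok in reghost_scenario().items():
        print(f"{step}: {ok}")
```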

