Re: Serious EFS Issue

From: Dave Leonardi (daveleonardi_at_yahoo.com)
Date: 10/06/04


Date: Wed, 6 Oct 2004 15:03:56 -0400

Guys,

    I might have some good news. I checked on the server and the enduser's
profile is there with the application data on the Server C:\ Drive. She has
a Crypto Folder and a SystemCertificate Folder under the server profile with
information inside.
    Mike, It states as you said that she has a private key when using
certmgr.msc. She was not under the personal certificates so I imported her
cert info from the server profile, not her reghosted workstation profile. I
attempted to decrypt the files on the server, but am still getting an error
message as before. P.S...Rob I am running Windows 2003 Server and XP
workstation pertaining to this issue.

Dave

"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:%23%23KLNMxqEHA.1668@TK2MSFTNGP14.phx.gbl...
> If you still need to check for the existence of EFS certificate run
>
> certmgr.msc
>
> and under Personal -> certificates check if there are any listed. In MMC
> check under Intended Purposes for the certificate it should state
"Encrypted
> Files System". Double click on this file and check on General page to see
if
> certificate has this information in it "You have a private key that
> corresponds to this certificate".
> http://freeweb.siol.net/mpihler/privkey.jpg
>
> Mike
>
> "Dave Leonardi" <daveleonardi@yahoo.com> wrote in message
> news:uwIOpbwqEHA.596@TK2MSFTNGP11.phx.gbl...
> > Mike,
> >
> > I think I'm outta luck on this one. I believe the private keys are
> gone,
> > but just to make sure could you verify what file extension and location
> > where it would be?. No keys where ever exported, No recovery agent set
up
> > and user's password has not been changed. Thanks.
> >
> >
> >
> > Dave
> >
> > "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> > news:eDmea1uqEHA.556@tk2msftngp13.phx.gbl...
> > > Are private keys that were used to file encryption still in user's
> > profile?
> > > Was user's password changed by administrator (not by EFS private key
> > > owner -- e.g. while computer was imaged/transfer to another
computer)...
> > >
> > > Were private keys exported ever before image process?
> > >
> > > Mike
> > >
> > > "Dave Leonardi" <daveleonardi@yahoo.com> wrote in message
> > > news:%23LgCfTuqEHA.556@tk2msftngp13.phx.gbl...
> > > > Good Morning,
> > > >
> > > > I had a question regarding Encrypted File System. I have a
> > particular
> > > > scenario where I encrypted an end user's My documents folder
> (Redirected
> > > > Folder). What has happened is that her machine was since then imaged
> > > > (ghosted). Now she is unable to retrieve her documents which are
> showing
> > > to
> > > > be encrypted with no recovery agent. Her encryption details shows
her
> as
> > > > being a user that can access the files, but she cannot access it nor
> > > anyone
> > > > else. She receives denied because of user access privileges. I as
the
> > > Domain
> > > > admin cannot even access or unencrypted the files. We are running a
> > native
> > > > W3K Server environment with group policies and 2000/ XP Pro
> > workstations.
> > > > The individual's My Document files I'm having issues with is running
> XP
> > > Pro
> > > > SP1. I'd appreciate it anyone can possibly lend a solution to this
> > > dilemma.
> > > > Thank you for your time.
> > > >
> > > >
> > > >
> > > >
> > > > Regards,
> > > >
> > > >
> > > >
> > > > David Leonardi
> > > >
> > > >
> > >
> > >
> >
> >
>
>



Relevant Pages

  • Re: EFS
    ... > When a user encrypts a file remotely on a server, the EFS certificate/key ... > generated for the user on the server. ... > the server and the certificate/key are stored in that profile.) ... >> I open the mmc on a Workstation with the Certificate Snap-In. ...
    (microsoft.public.win2000.security)
  • Re: Private key generation
    ... As I wrote in my first answer to that thread - there are many situations when key pair is generated on trusted server. ... identity based encryption) simply requires generation of private key on server... ... High assurance keys (especially these that afterward are split in multiple shares using secret sharing schemes) may also require use of specialized equipment and computers that runs in a tempest/EM shielded locations. ... Default scenario supported by Microsoft Certificate Server is the most standard CA mode when CA just signs X509 certificate with emedded public keys. ...
    (microsoft.public.dotnet.security)
  • Re: Certificate key access under Network Service in IIS 6
    ... Haven't done that because I've been remoted in to the customer's server. ... It is likely the private key file but might be a registry key as well. ... I can get the signing process to work if I have the IIS Application Pool configured to run under SYSTEM but running under the preferred NETWORK SERVICE account the private key access of the certificate fails. ...
    (microsoft.public.dotnet.security)
  • Re: How to use certificates?
    ... I expect that server will know the client public key, ... > private key for that certificate. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: EFS - Encryption and User Migration
    ... > migration was a problems. ... As far as importing a user's certificate in an automated way keep ... > profile and hopefully will work as part of a proper migration. ... >> encrypted data on two different domain machines their private key on ...
    (microsoft.public.windows.server.security)