Re: Serious EFS Issue

From: Dave Leonardi (Cyberaccount72_at_yahoo.com)
Date: 10/07/04

    Date: Wed, 6 Oct 2004 19:35:27 -0400
    
    

    Roger,

        No, I have not set her account password back to what it was originally.
    Let me change the password back to what it was before and see if that allows
    access to decrypt. I do believe the password was different before any of
    this took place and I had no apparent problems. The complaint of not
    accessing files occurred after the Ghost Image. The Ghost Image that
    replaced hers was a generic image and not an older one.
    Question: Do I have to concern myself with the profile on the end user's
    workstation or the profile copied to the 2003 server? Both Profiles contain
    different information when it comes to the Crypto and SystemCertificate
    folders. I am not using RUP, but for some reason when I encrypted the end
    user's information it copied her Documents and Settings to the 2003 server.
    I am also using folder redirection with her My Documents folder, which is
    where I am having issues with her data encryption. I ran certmgr.msc on the
    server containing the redirected files and it did not show her as having a
    personal certificate. I also ran efsinfo.exe on the server folder and it
    shows no recovery agent. Thanks......

    P.S. Do I use certmgr.msc at her workstation or 2003 Server with Redirected
    My Documents Folder?

    Dave

    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:OkudEt3qEHA.896@TK2MSFTNGP12.phx.gbl...
    > OK, now I may be missing something here, but you did say
    > that the problem started after you reghosted the machine,
    > and the machine is an XP Pro.
    > You did not say, but let's assume that, this domain account
    > does not use a roaming profile.
    > So, have you tried setting the account's password back to
    > what it was at the time when the ghost image was taken?
    > Now, this may be complicated if attempts at use of EFS
    > have subsequently triggered creation of a second certificate
    > for use with EFS (use the account to look in the Certificates
    > mmc at its private certs).
    > Access to EFS secured data in XP is dependent on the account
    > password matching what it was when the EFS key was last
    > secured away. When you ghosted back down an old image
    > if the profile is locally stored, then you overwrote the EFS
    > key store with an old version, which may have corresponded
    > to a prior password of the account.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Server System: Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "Dave Leonardi" <daveleonardi@yahoo.com> wrote in message
    > news:%23LgCfTuqEHA.556@tk2msftngp13.phx.gbl...
    > > Good Morning,
    > >
    > > I had a question regarding Encrypted File System. I have a particular
    > > scenario where I encrypted an end user's My Documents folder (Redirected
    > > Folder). What has happened is that her machine was since then imaged
    > > (ghosted). Now she is unable to retrieve her documents, which are showing
    > > to be encrypted with no recovery agent. Her encryption details show her as
    > > being a user that can access the files, but she cannot access it, nor can
    > > anyone else. She receives denied because of user access privileges. I as the
    > > Domain admin cannot even access or unencrypt the files. We are running a
    > > native W3K Server environment with group policies and 2000/XP Pro
    > > workstations. The individual's My Documents files I'm having issues with is
    > > running XP Pro SP1. I'd appreciate it if anyone can possibly lend a solution
    > > to this dilemma.
    > > Thank you for your time.
    > >
    > >
    > >
    > >
    > > Regards,
    > >
    > >
    > >
    > > David Leonardi
    > >
    > >
    >
    >
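
Added example, not part of the original thread: a PowerShell check of whether the profile that is currently loaded holds the EFS certificate a file was encrypted to, and whether a second EFS certificate has appeared since. The function name `Test-EfsKeyPresent` and the sample thumbprint are constructed for illustration; the thumbprint to pass in is the one reported for the encrypted file (for example by `efsinfo /c`).

```powershell
# Added example (not from the thread). Run while logged on as the affected
# user, in the profile whose key store you want to check.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU

function Test-EfsKeyPresent {
    param(
        # Thumbprint reported for the encrypted file; spaces are tolerated.
        [Parameter(Mandatory = $true)] [string] $FileThumbprint
    )
    $wanted = ($FileThumbprint -replace '\s', '').ToUpperInvariant()

    # EFS-capable certificates in the personal store of the loaded profile.
    $efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.EnhancedKeyUsageList.ObjectId -contains $EfsOid
    })

    # More than one row can mean a later EFS attempt created a second
    # certificate; files encrypted earlier still need the original one.
    $report = foreach ($c in $efsCerts) {
        [pscustomobject]@{
            Thumbprint    = $c.Thumbprint
            NotAfter      = $c.NotAfter
            HasPrivateKey = $c.HasPrivateKey
            MatchesFile   = ($c.Thumbprint -eq $wanted)
        }
    }
    $match = $report | Where-Object MatchesFile

    $verdict = if (-not $match) {
        'No certificate in this profile matches the file thumbprint.'
    } elseif (-not $match.HasPrivateKey) {
        'Matching certificate found, but no private key is associated with it.'
    } else {
        # HasPrivateKey only shows that a key is referenced, not that it can
        # be unlocked with the account's current password.
        'Matching certificate and key reference found; if decryption still ' +
        'fails, the stored key may be protected under an earlier password.'
    }
    [pscustomobject]@{ Certificates = $report; Verdict = $verdict }
}

# Constructed thumbprint, for illustration only.
Test-EfsKeyPresent -FileThumbprint '0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567' |
    Format-List
```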

