Re: Serious EFS Issue
From: Dave Leonardi (daveleonardi_at_yahoo.com)
Date: 10/07/04
- Previous message: G. Tarazi: "Re: Overcomplicating an OS: NTLM, Kerberos, Win2003/2000 incompatibility."
- In reply to: Roger Abell [MVP]: "Re: Serious EFS Issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 7 Oct 2004 13:02:57 -0400
Everyone,
Thanks for your help; it was more than appreciated. I have spent more than
enough time with no progress. Again, thank you, but I'm afraid that the
encryption worked all too well. I have no keys or certificates to go on. I
will take into consideration next time when exporting keys and recovery
agents.
Regards,
Dave Leonardi
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:u$NU9xCrEHA.2580@TK2MSFTNGP15.phx.gbl...
> > The Ghost Image that
> > replaced hers was a generic image and not an older one.
> I suspect that translates to "bingo", as this wiped out her
> profile and so her key store.
> With the non-use of RUP but redirected I am not really the one
> to clearly answer how it all would work out in your case.
>
> certmgr.msc run when logged in as her at her machine would
> let you see the environment as it is for her
> Others mentioned efsinfo utility useful for you as an admin.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> "Dave Leonardi" <Cyberaccount72@yahoo.com> wrote in message
> news:OByWq0$qEHA.3520@TK2MSFTNGP11.phx.gbl...
> > Roger,
> >
> > No I have not set her account password back to what it was originally.
> > Let me change the password back to what it was before and see if that
> > allows access to decrypt. I do believe the password was different before
> > any of this took place and I had no apparent problems. The complaint of
> > not accessing files occurred after the Ghost Image. The Ghost Image that
> > replaced hers was a generic image and not an older one.
> > Question: Do I have to concern myself with the profile on the end user's
> > workstation or the profile copied to the 2003 server? Both Profiles
> > contain different information when it comes to the Crypto and
> > SystemCertificate folders. I am not using RUP, but for some reason when I
> > encrypted the end user's information it copied her Documents and Settings
> > to the 2003 server.
> > I am also using folder redirection with her My Documents folder, which is
> > where I am having issues with her data encryption. I ran certmgr.msc on
> > the server containing the redirected files and it did not show her as
> > having a personal certificate. I also ran efsinfo.exe on the server folder
> > and it shows no recovery agent. Thanks......
> >
> > P.S. Do I use certmgr.msc at her workstation or 2003 Server with
> > Redirected My Documents Folder
> >
> > Dave
> >
> >
> > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > news:OkudEt3qEHA.896@TK2MSFTNGP12.phx.gbl...
> >> OK, now I may be missing something here, but you did say
> >> that the problem started after you reghosted the machine,
> >> and the machine is an XP Pro.
> >> You did not say, but let's assume that, this domain account
> >> does not use a roaming profile.
> >> So, have you tried setting the account's password back to
> >> what it was at the time when the ghost image was taken?
> >> Now, this may be complicated if attempts at use of EFS
> >> have subsequently triggered creation of a second certificate
> >> for use with EFS (use the account to look in the Certificates
> >> mmc at its private certs).
> >> Access to EFS secured data in XP is dependent on the account
> >> password matching what it was when the EFS key was last
> >> secured away. When you ghosted back down an old image
> >> if the profile is locally stored, then you overwrote the EFS
> >> key store with an old version, which may have corresponded
> >> to a prior password of the account.
> >>
> >> --
> >> Roger Abell
> >> Microsoft MVP (Windows Server System: Security)
> >> MCSE (W2k3,W2k,Nt4) MCDBA
> >> "Dave Leonardi" <daveleonardi@yahoo.com> wrote in message
> >> news:%23LgCfTuqEHA.556@tk2msftngp13.phx.gbl...
> >> > Good Morning,
> >> >
> >> > I had a question regarding Encrypted File System. I have a particular
> >> > scenario where I encrypted an end user's My documents folder
> >> > (Redirected Folder). What has happened is that her machine was since
> >> > then imaged (ghosted). Now she is unable to retrieve her documents
> >> > which are showing to be encrypted with no recovery agent. Her
> >> > encryption details shows her as being a user that can access the
> >> > files, but she cannot access it nor anyone else. She receives denied
> >> > because of user access privileges. I as the Domain admin cannot even
> >> > access or unencrypt the files. We are running a native W3K Server
> >> > environment with group policies and 2000/ XP Pro workstations. The
> >> > individual's My Document files I'm having issues with is running XP
> >> > Pro SP1. I'd appreciate it if anyone can possibly lend a solution to
> >> > this dilemma.
> >> > Thank you for your time.
> >> >
> >> > Regards,
> >> >
> >> > David Leonardi
> >> >
> >>
> >>
> >
> >
>
>
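Added example, not part of the original thread: a pre-imaging check that lists the current user's EFS certificates, warns when a private key is missing, and exports the rest to password-protected PFX files. It assumes a current Windows release with the built-in PKI module (not the 2000/XP systems in the thread); the backup directory and sample file path are placeholders.

```powershell
# Added example (not from the thread). Run as the user whose files are encrypted,
# BEFORE the machine is re-imaged or the profile is replaced.
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage
$BackupDir = 'E:\efs-backup'            # placeholder: offline or removable media
$Sample    = Join-Path $env:USERPROFILE 'Documents\sample.doc'   # placeholder encrypted file

# Certificates in the user's personal store that carry the EFS usage.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsOid })
}

if (-not $efsCerts) {
    # The state a replaced profile leaves behind: no EFS certificate, no key.
    Write-Warning 'No EFS certificate in this profile; files encrypted under an earlier profile cannot be opened from here.'
    return
}

$pw = Read-Host 'Password to protect the PFX backup' -AsSecureString

foreach ($c in $efsCerts) {
    if (-not $c.HasPrivateKey) {
        # A certificate without its private key cannot decrypt anything.
        Write-Warning "$($c.Thumbprint): certificate present but private key missing"
        continue
    }
    $pfx = Join-Path $BackupDir ('efs-{0}-{1}.pfx' -f $env:USERNAME, $c.Thumbprint)
    try {
        Export-PfxCertificate -Cert $c -FilePath $pfx -Password $pw -ErrorAction Stop | Out-Null
        Write-Output "Backed up $($c.Thumbprint) to $pfx"
    } catch {
        # Typical cause: the key was created as non-exportable.
        Write-Warning "$($c.Thumbprint): export failed: $($_.Exception.Message)"
    }
}

# List the certificate thumbprints able to decrypt a file, for comparison
# with the thumbprints backed up above.
if (Test-Path $Sample) { cipher.exe /c $Sample }
```

Store the resulting PFX files and their password away from the workstation, since an image restore that replaces the profile also replaces anything kept inside it.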