Re: changed password and efs

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/07/05


Date: Thu, 7 Apr 2005 12:35:45 -0500

You should still be able to use your EFS RA. Password changes and EFS only
apply to XP Pro/Windows 2003 local user accounts, not domain accounts. Having
said that, it would still be smart to create another RA for the domain that
would be able to recover EFS files that were created after it was
implemented or for files that have been opened since the new EFS RA was in
place. There is nothing wrong with writing your password down if it is
stored in a safe place, preferably in a sealed envelope - maybe at home in
your socks drawer. See the link below for more details. Keep in mind that
your EFS private key is also protected by a password that you gave it via a
.pfx file at the time of export.

--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;309408

"Ion" <groups@google.com> wrote in message
news:OfYc8w2OFHA.2132@TK2MSFTNGP14.phx.gbl...
> Hi,
> I apologise for cross-posting:
>
> I have recently changed the domain administrator password, but I set such
> a complicated one and I was so tired when I did it that I have forgotten it
> (please don't start flames about this, I *know* I was wrong in this). But a
> few days before that, I exported my certificate and private key onto my
> USB stick. I am using the administrator account (yes, I *know* I shouldn't
> have run as administrator, please don't start flaming) and so I am the
> recovery agent too. So I wonder: if I reset my password (no, unfortunately I
> have not made a password reset disk and I also have no back-up of my
> ntds.dit from before the password change) by logging in as another member of
> the administrators group, and then log in as administrator and import back my
> certificate and private key, will I be able to access my EFS files?
> Thank you very very much.
> DC is Windows 2003 SP1 with native 2003 AD mode


